MorpheusAI

Foundry
22,500 USDC
Submission Details
Severity: low
Invalid

Use `safeTransfer()` instead of `transfer()` and `safeTransferFrom()` instead of `transferFrom()`

Vulnerability Details

Some ERC20 tokens signal a failed transfer by returning `false` instead of reverting. Because the return value of `transfer()` / `transferFrom()` is ignored in the code below, such a failed transfer is treated as if it had succeeded. Note that both cited contracts live under `contracts/mock/`.

Context: https://github.com/Cyfrin/2024-01-Morpheus/blob/main/contracts/mock/GatewayRouterMock.sol#L15

function outboundTransfer(
    address _token,
    address _to,
    uint256 _amount,
    uint256 _maxGas,
    uint256 _gasPriceBid,
    bytes calldata _data
) external payable returns (bytes memory) {
@>  IERC20(_token).transferFrom(msg.sender, _to, _amount); // boolean return value is dropped
    return abi.encode(_token, _to, _amount, _maxGas, _gasPriceBid, _data);
}

function getGateway(address) external view returns (address) {
    return address(this);
}

The same pattern appears in SwapRouterMock, where the return values of both `transferFrom()` and `transfer()` are ignored.

Context: https://github.com/Cyfrin/2024-01-Morpheus/blob/main/contracts/mock/SwapRouterMock.sol#L9

function exactInputSingle(ISwapRouter.ExactInputSingleParams calldata params_) external returns (uint256) {
    IERC20(params_.tokenIn).transferFrom(msg.sender, address(this), params_.amountIn); // return value ignored
    IERC20(params_.tokenOut).transfer(params_.recipient, params_.amountIn);             // return value ignored
    return params_.amountIn;
}

Impact

A token that returns `false` without moving any funds is still counted as a completed transfer, so the calling code continues as if the tokens had been received or sent.

Tools Used

Manual Review

Recommendations

Use OpenZeppelin's SafeERC20 library: `safeTransfer()` instead of `transfer()` and `safeTransferFrom()` instead of `transferFrom()`. These wrappers revert when the call fails or returns `false`, and they also handle tokens that return no value at all.
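The following Foundry test is an added example, not code from the Morpheus repository. It uses a constructed token whose `transfer`/`transferFrom` return `false` instead of reverting, and contrasts a router that drops the return value (the pattern in the finding) with one that uses SafeERC20. Contract names (`FalseReturningToken`, `UncheckedRouter`, `SafeRouter`) are hypothetical; it assumes OpenZeppelin Contracts v5 (for the `SafeERC20FailedOperation` error) and forge-std are installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {Test} from "forge-std/Test.sol";

/// Constructed token (hypothetical, not from the audited repo): signals failure by
/// returning false rather than reverting, like some real non-standard ERC20s.
contract FalseReturningToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        if (balanceOf[msg.sender] < amount) return false; // no revert on failure
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        if (balanceOf[from] < amount || allowance[from][msg.sender] < amount) return false;
        allowance[from][msg.sender] -= amount;
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

/// Hypothetical router mirroring the unchecked pattern from the finding.
contract UncheckedRouter {
    function pull(address token, address to, uint256 amount) external {
        IERC20(token).transferFrom(msg.sender, to, amount); // boolean result silently dropped
    }
}

/// Same router using SafeERC20, as the recommendation suggests.
contract SafeRouter {
    using SafeERC20 for IERC20;

    function pull(address token, address to, uint256 amount) external {
        IERC20(token).safeTransferFrom(msg.sender, to, amount); // reverts on `false`
    }
}

contract UncheckedTransferTest is Test {
    FalseReturningToken token;
    UncheckedRouter unchecked_; // `unchecked` is a Solidity keyword
    SafeRouter safe;
    address alice = makeAddr("alice");
    address bob = makeAddr("bob");

    function setUp() public {
        token = new FalseReturningToken();
        unchecked_ = new UncheckedRouter();
        safe = new SafeRouter();
        // alice approves both routers but holds no tokens, so every transfer must fail
        vm.startPrank(alice);
        token.approve(address(unchecked_), type(uint256).max);
        token.approve(address(safe), type(uint256).max);
        vm.stopPrank();
    }

    function test_uncheckedRouterTreatsFalseAsSuccess() public {
        vm.prank(alice);
        unchecked_.pull(address(token), bob, 100e18); // does not revert...
        assertEq(token.balanceOf(bob), 0);            // ...yet no tokens moved
    }

    function test_safeRouterRevertsOnFalse() public {
        vm.prank(alice);
        vm.expectRevert(
            abi.encodeWithSelector(SafeERC20.SafeERC20FailedOperation.selector, address(token))
        );
        safe.pull(address(token), bob, 100e18);
    }
}
```

Run with `forge test --match-contract UncheckedTransferTest -vv`. The first test passes precisely because the unchecked call swallows the `false`; the second shows SafeERC20 surfacing the same failure as a revert.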

Updates

Lead Judging Commences

inallhonesty Lead Judge
over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
