MorpheusAI

Foundry
22,500 USDC
Submission Details
Severity: low
Invalid

Unsafe ERC20 Token Transfer in `GatewayRouterMock`, `SwapRouterMock` and `WStETHMock` contracts

Summary

The GatewayRouterMock, SwapRouterMock and WStETHMock contracts include functions that perform token transfers without utilizing the SafeERC20 library from OpenZeppelin, which can lead to vulnerabilities due to improper handling of ERC20 token transfers. Due to inconsistent implementations of the standard, direct interactions with ERC20 tokens can lead to unexpected behaviors, particularly concerning the return values of functions like transfer and transferFrom.

Vulnerability Details

Some ERC20 token contracts may not adhere to the standard's requirement to return a boolean value indicating the success or failure of operations. This can result in contracts incorrectly assuming the outcome of a token transfer.

These contracts include functions that perform token transfers without utilizing the SafeERC20 library from OpenZeppelin:

  • contracts/mock/GatewayRouterMock.sol Line: 16

```solidity
IERC20(_token).transferFrom(msg.sender, _to, _amount);
```

  • contracts/mock/SwapRouterMock.sol Line: 9

```solidity
IERC20(params_.tokenIn).transferFrom(msg.sender, address(this), params_.amountIn);
```

  • contracts/mock/SwapRouterMock.sol Line: 10

```solidity
IERC20(params_.tokenOut).transfer(params_.recipient, params_.amountIn);
```

  • contracts/mock/tokens/WStETHMock.sol Line: 25

```solidity
stETH.transferFrom(msg.sender, address(this), stETHAmount_);
```

Impact

ERC20 functions may not behave as expected; for example, return values are not always meaningful. The primary impact is the potential for lost funds or failed transactions without proper error handling: a contract might assume a token transfer succeeded when it did not, leaving its internal accounting out of step with the actual token balances.

Tools Used

Aderyn

Recommendations

To mitigate the risks associated with direct ERC20 token interactions, it is recommended to use OpenZeppelin's SafeERC20 library in all three contracts.
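The following is an added example written for this page, not code from the MorpheusAI repository. It places the unchecked pattern from the listings above (`UncheckedRouter`, a hypothetical name) next to the recommended `SafeERC20` version (`CheckedRouter`), together with a constructed token (`FalseReturningToken`) that returns `false` on failure instead of reverting, and a Foundry test showing the difference in behaviour. It assumes OpenZeppelin Contracts v5 and forge-std are available at the usual import paths.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {Test} from "forge-std/Test.sol";

// Hypothetical router using the unchecked pattern the finding describes.
contract UncheckedRouter {
    function deposit(address token, address to, uint256 amount) external {
        // The bool returned by transferFrom is discarded: a token that returns
        // false instead of reverting leaves this call "successful" while no
        // balance has actually moved.
        IERC20(token).transferFrom(msg.sender, to, amount);
    }
}

// The same router using SafeERC20, the recommended mitigation.
contract CheckedRouter {
    using SafeERC20 for IERC20;

    function deposit(address token, address to, uint256 amount) external {
        // Reverts if the call fails or returns false, and also accepts tokens
        // that return no data at all (empty return data is treated as success).
        IERC20(token).safeTransferFrom(msg.sender, to, amount);
    }
}

// Constructed token for the example: signals failure by returning false.
contract FalseReturningToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    function mint(address to, uint256 amount) external {
        balanceOf[to] += amount;
    }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        if (balanceOf[msg.sender] < amount) return false;
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        if (balanceOf[from] < amount || allowance[from][msg.sender] < amount) return false;
        allowance[from][msg.sender] -= amount;
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

contract SafeERC20ExampleTest is Test {
    FalseReturningToken token;
    UncheckedRouter uncheckedRouter;
    CheckedRouter checkedRouter;
    address alice;
    address bob;

    function setUp() public {
        token = new FalseReturningToken();
        uncheckedRouter = new UncheckedRouter();
        checkedRouter = new CheckedRouter();
        alice = makeAddr("alice");
        bob = makeAddr("bob");
    }

    // alice holds no tokens and has approved nothing, yet the call "succeeds".
    function test_uncheckedDepositSilentlyDoesNothing() public {
        vm.prank(alice);
        uncheckedRouter.deposit(address(token), bob, 1 ether); // does not revert
        assertEq(token.balanceOf(bob), 0);                      // nothing moved
    }

    // Same situation through SafeERC20: the failure surfaces as a revert.
    function test_checkedDepositReverts() public {
        vm.prank(alice);
        vm.expectRevert();
        checkedRouter.deposit(address(token), bob, 1 ether);
    }

    // With a funded, approved sender the checked path behaves normally.
    function test_checkedDepositSucceedsWithFunds() public {
        token.mint(alice, 1 ether);
        vm.startPrank(alice);
        token.approve(address(checkedRouter), 1 ether);
        checkedRouter.deposit(address(token), bob, 1 ether);
        vm.stopPrank();
        assertEq(token.balanceOf(bob), 1 ether);
    }
}
```

Run with `forge test` in a Foundry project that has the two dependencies installed. The first test is the case the finding is about: the unchecked router reports nothing wrong even though the recipient's balance is unchanged, which is exactly the state mismatch a caller of a mock would not notice unless it asserts on balances afterwards.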

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
