The `sweepAll` function in the `MErc20DelegateMadFixer` contract contains a vulnerability in its token transfer mechanism. It calls `transfer` through an ERC20 interface that declares a `bool` return value, which not all ERC20 tokens provide. Tokens such as USDT return nothing from `transfer`, so the call reverts when Solidity tries to decode the missing return value, and `sweepAll` fails for those tokens.
The vulnerable code segment is as follows:
Here, the contract reads a boolean `success` back from `transfer` and treats it as the outcome of the transfer operation. However, not all ERC20 tokens follow this convention. Some tokens, like USDT, return no value from `transfer`; for them the external call's return data is empty, ABI decoding of the expected `bool` reverts, and `success` is never assigned. Relying on `success` as the indicator of a successful transfer therefore does not work for such tokens.
This vulnerability causes `sweepAll` to revert whenever it is used with an ERC20 token that returns no value from `transfer`. In the worst case, if `sweepAll` is the only path for moving such tokens out of the contract, those funds are locked.
Manual review
To mitigate this vulnerability:
Use a safe transfer mechanism that handles the return value of the token transfer function appropriately: treat empty return data as success, decode non-empty return data as a `bool`, and revert otherwise. Libraries like OpenZeppelin's `SafeERC20` (`safeTransfer`) provide safe implementations of token transfers that perform exactly this check.
Ensure that the contract handles failed token transfers gracefully, reverting with a clear error or providing a way to retry the transfer, so that a single failing token cannot leave funds stuck in the contract.
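The following is an added example, not the project's code or the audited `MErc20DelegateMadFixer` contract: a hypothetical reconstruction of the vulnerable pattern (`VulnerableSweeper`) next to a hardened version (`SafeSweeper`) that accepts both return-value conventions, plus a constructed USDT-like token (`NoReturnToken`) whose `transfer` returns nothing. The contract names, the admin-only access check, and the selector-based low-level call are assumptions for illustration; the return-data check mirrors what OpenZeppelin's `SafeERC20.safeTransfer` does.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC20 interface as the vulnerable contract sees it. The declared
// `bool` return is what makes calls to no-return tokens revert on decoding.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

// Constructed USDT-like token for this example (not the real USDT contract):
// transfer() moves the balance but returns no value at all.
contract NoReturnToken {
    mapping(address => uint256) public balanceOf;

    constructor() {
        balanceOf[msg.sender] = 1_000_000;
    }

    function transfer(address to, uint256 amount) external {
        require(balanceOf[msg.sender] >= amount, "insufficient balance");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
    }
}

// Vulnerable pattern (hypothetical reconstruction). For NoReturnToken the
// returndata is 0 bytes, so abi decoding of the expected bool reverts and
// `success` is never assigned: sweepAll always fails for such tokens.
contract VulnerableSweeper {
    address public immutable admin;

    constructor() {
        admin = msg.sender;
    }

    function sweepAll(address token) external {
        require(msg.sender == admin, "not admin");
        uint256 bal = IERC20(token).balanceOf(address(this));
        bool success = IERC20(token).transfer(admin, bal);
        require(success, "transfer failed");
    }
}

// Hardened pattern: a raw call, then (1) require the call did not revert,
// (2) require the target is actually a contract (a call to an EOA succeeds
// with empty returndata and would otherwise look like success), and
// (3) accept empty returndata as success or decode a returned bool.
contract SafeSweeper {
    address public immutable admin;

    constructor() {
        admin = msg.sender;
    }

    function _safeTransfer(address token, address to, uint256 amount) internal {
        require(token.code.length > 0, "token is not a contract");
        (bool ok, bytes memory data) = token.call(
            abi.encodeWithSelector(IERC20.transfer.selector, to, amount)
        );
        require(ok, "transfer reverted");
        require(data.length == 0 || abi.decode(data, (bool)), "transfer returned false");
    }

    function sweepAll(address token) external {
        require(msg.sender == admin, "not admin");
        uint256 bal = IERC20(token).balanceOf(address(this));
        _safeTransfer(token, admin, bal);
    }
}
```

To reproduce the behaviour, deploy `NoReturnToken`, send some of it to a deployed `VulnerableSweeper` and call `sweepAll(token)` from the admin: the transaction reverts even though the token has moved nothing and has plenty of balance. The same sequence against `SafeSweeper` succeeds and the admin receives the full balance. Tokens that do return `false` on failure are also handled: the decoded `bool` is checked and a `false` result reverts instead of being silently ignored.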