Not all ERC20 implementations revert() when there's a failure in transfer() or transferFrom(). The function signature has a boolean return value, and these implementations indicate errors that way instead. When the return value is not checked, operations that should have been marked as failed may go through without actually transferring anything.
The impact of not checking the return value of transfer()/transferFrom() is that operations that should have been marked as failed may go through without a payment actually being made. This can lead to unintended financial transactions.
Manual Review
To ensure the reliability and security of token transfers in your smart contract, it's crucial to check the return values of the transfer() and transferFrom() functions. These functions often return a boolean value indicating the success or failure of the transfer operation. By checking this return value, you can accurately determine whether the transfer was successful and handle any potential errors or failures accordingly. Failing to check the return value may lead to unintended and unhandled transfer failures, which could have security and usability implications.
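The recommendation above, shown as an added example that is not code from the audited project: the `Vault` contract, its function names and the `TransferFailed` error are hypothetical, constructed to put the unchecked call beside the checked one.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC20 surface needed by this example.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical vault, constructed for illustration only.
contract Vault {
    IERC20 public immutable token;
    mapping(address => uint256) public balanceOf;

    error TransferFailed();

    constructor(IERC20 token_) {
        token = token_;
    }

    // Before: the boolean is discarded. If the token returns false instead of
    // reverting, the caller is still credited although no tokens moved.
    function depositUnchecked(uint256 amount) external {
        token.transferFrom(msg.sender, address(this), amount);
        balanceOf[msg.sender] += amount;
    }

    // After: a false return is treated as a failure and reverts the whole
    // call, so the internal balance only changes when the transfer succeeded.
    function deposit(uint256 amount) external {
        bool ok = token.transferFrom(msg.sender, address(this), amount);
        if (!ok) revert TransferFailed();
        balanceOf[msg.sender] += amount;
    }

    // Same check on the outgoing path: the debit is rolled back by the revert
    // if the token reports that the transfer failed.
    function withdraw(uint256 amount) external {
        balanceOf[msg.sender] -= amount; // reverts on underflow in 0.8.x
        bool ok = token.transfer(msg.sender, amount);
        if (!ok) revert TransferFailed();
    }
}
```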