Beanstalk Part 2
Beanstalk
DeFiHardhat
35,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Don't check return value of IERC20 transferFrom function will cause add more liquidity

pks271

Summary

LibFertilizer#addFertilizer function don't check IERC.transferFrom return value will cause protocol add more liquidity than actually.

Vulnerability Details

When call LibFertilizer#addFertilizer function transfer barnRaiseToken to contract, it don't check the transferFrom return value if true or false, some tokens transferFrom function may return false rather than revert, in such cases, because protocol don't check the return value and continue call IWell(barnRaiseWell).addLiquidity will cause protocol add more liquidity than actually, make liquidity account error, but the sender transfer nothing actually.

Impact

Protocol will add more liquidity than actually.

Tools Used

vscode, Manual Review

Recommendations

Check the return value of IERC20#transferFrom function.

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Unchecked transfers

0x11singh99 Judge
about 1 year ago
giovannidisiena Lead Judge
about 1 year ago
giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Unchecked transfers

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.