In the LibWellMinting library, we interact with ERC-20 tokens using the IERC20 interface. However, the library does not utilize the SafeERC20 library, which provides safe wrappers around ERC-20 operations by handling common pitfalls in ERC-20 token interactions, such as missing return values.
As the protocol is interacting with all ERC-20 tokens in Farm:
Tokens:
ERC-20 (all are accepted in Farm balances, a whitelist is accepted on the Deposit Whitelist, etc.)
The problematic line is:
The corresponding Well contract uses IERC20 and ensures safety by using SafeERC20:
The main risk is that interacting directly with IERC20 can lead to issues if the token does not behave as expected (e.g., if it doesn't return a boolean value on transfer). The SafeERC20 library ensures that these operations revert on failure, providing additional safety.
Manual Review
To address this issue, the LibWellMinting library should use SafeERC20 when interacting with IERC20 tokens. This would involve importing SafeERC20 and modifying the code to use it.
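The check that SafeERC20 performs on a transfer, written out as an added example (not code from LibWellMinting, the Well contract or OpenZeppelin). The contract names, the two constructed tokens and the compiler version are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20; // assumed compiler version for this sketch

interface IERC20Like {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Constructed token: signals failure by returning false instead of reverting.
contract ReturnsFalseToken {
    function transfer(address, uint256) external pure returns (bool) { return false; }
}

// Constructed token: transfer succeeds but returns no data at all.
contract NoReturnToken {
    mapping(address => uint256) public balanceOf;
    constructor() { balanceOf[msg.sender] = 1e18; }
    function transfer(address to, uint256 amount) external {
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
    }
}

library SafeTransferSketch {
    // The call must not revert, and any returned data must decode to true.
    // Empty return data is accepted only if the target actually has code.
    function safeTransfer(IERC20Like token, address to, uint256 amount) internal {
        (bool ok, bytes memory ret) = address(token).call(
            abi.encodeWithSelector(token.transfer.selector, to, amount)
        );
        require(ok, "transfer reverted");
        if (ret.length == 0) {
            require(address(token).code.length > 0, "not a contract");
        } else {
            require(abi.decode(ret, (bool)), "transfer returned false");
        }
    }
}

contract Demo {
    // Direct interface call: with ReturnsFalseToken the false result is
    // silently dropped; with NoReturnToken the ABI decoder reverts the call.
    function unsafeSend(IERC20Like token, address to, uint256 amount) external {
        token.transfer(to, amount);
    }
    // Wrapped call: reverts on ReturnsFalseToken, succeeds on NoReturnToken.
    function safeSend(IERC20Like token, address to, uint256 amount) external {
        SafeTransferSketch.safeTransfer(token, to, amount);
    }
}
```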