The original implementation of the token transfer function in the assembly code fails to correctly handle scenarios where the token contract's transfer function returns false.
The call opcode sends a message call to the token contract's transfer function and checks if the call was successful using the iszero function. However, this only checks if the call did not encounter an exception (e.g., out of gas or revert) and does not verify the actual return value of the transfer function.
If the transfer function returns false (indicating a failed transfer), the call still returns 1, meaning the assembly code incorrectly assumes the transfer was successful.
The contract may proceed under the false assumption that the token transfer was successful when it was not. This can lead to:
Incorrect state updates in the contract.
Potential loss of funds or tokens if subsequent operations rely on the successful transfer.
Manual review
To mitigate this issue, the assembly code should be enhanced to explicitly check the return value of the transfer function. Here is an example approach.
The nested if statement checks if the call was successful and if the returned data is false. If both conditions are met, it reverts the transaction with a custom error message.
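The following sketch is an added example, not the audited project's code or the submitter's original snippet: it places the flawed call-status-only check beside a version that also decodes the returned boolean. The library, function and error names are hypothetical, and it goes slightly beyond the description above by also handling tokens that return no data, which it accepts only when the target address has code.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; library, function and error names are hypothetical.
library TransferCheck {
    error TransferFailed();

    // Flawed pattern described in the finding: only the CALL status is tested.
    function transferUnchecked(address token, address to, uint256 amount) internal {
        assembly {
            let ptr := mload(0x40)
            mstore(ptr, shl(224, 0xa9059cbb)) // transfer(address,uint256) selector
            mstore(add(ptr, 0x04), and(to, 0xffffffffffffffffffffffffffffffffffffffff))
            mstore(add(ptr, 0x24), amount)
            // call() yields 1 whenever the callee did not revert,
            // even if transfer() itself returned false.
            if iszero(call(gas(), token, 0, ptr, 0x44, 0, 0)) { revert(0, 0) }
        }
    }

    // Hardened pattern: the returned boolean is decoded as well.
    function transferChecked(address token, address to, uint256 amount) internal {
        bool ok;
        assembly {
            let ptr := mload(0x40)
            mstore(ptr, shl(224, 0xa9059cbb))
            mstore(add(ptr, 0x04), and(to, 0xffffffffffffffffffffffffffffffffffffffff))
            mstore(add(ptr, 0x24), amount)
            // Copy up to one word of return data into scratch space at 0x00.
            ok := call(gas(), token, 0, ptr, 0x44, 0, 0x20)
            if ok {
                switch returndatasize()
                // No return data: accept only if the target actually has code.
                case 0 { ok := gt(extcodesize(token), 0) }
                // Otherwise require a full word that equals true (1).
                default { ok := and(gt(returndatasize(), 0x1f), eq(mload(0), 1)) }
            }
        }
        if (!ok) revert TransferFailed();
    }
}
```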