TSender

Cyfrin
DeFiFoundry
15,000 USDC
Submission Details
Severity: high
Invalid

Unchecked Return Values from `call`

Summary

This contract uses the `call` method to interact with the ERC20 token's `transferFrom` and `transfer` functions. ERC20 token functions return a boolean value. However, not all tokens follow this standard strictly. Some tokens return nothing or revert on failure, without returning any boolean value.
This contract is vulnerable to reentrancy attacks because it does not check the return value of the call operation. It only checks if the call reverts or not. This approach can lead to erroneous transfers or a false assumption that the transfer was successful even when it might not be. Failing to handle non-standard tokens properly might lead to discrepancies and loss of funds.

Vulnerability Details

Problematic code

```solidity
if iszero(call(gas(), tokenAddress, 0, 0x00, 0x64, 0, 0)) {
    mstore(0x00, 0xfa10ea06) // cast sig "TSender__TransferFailed()"
    revert(0x1c, 0x04)
}
// transfer the tokens
if iszero(call(gas(), tokenAddress, 0, 0x00, 0x44, 0, 0)) {
    mstore(0x00, 0xfa10ea06) // cast sig "TSender__TransferFailed()"
    revert(0x1c, 0x04)
}
```

Explanation

In both instances, the contract uses `call` to execute the `transferFrom` and `transfer` functions. The success of these calls is determined solely by checking whether the call reverts (`iszero(call(...))`). However, this does not account for the actual return value of the call, which is expected to be a boolean indicating success (true) or failure (false).

Impact

This can have the following impact:

  1. Loss of Funds: If a token transfer fails but the contract is not able to detect this, users might think they received tokens when they did not.

  2. Misleading state: The contract might get into a state where it assumes transfers were successful, leading to further misleading actions based on false assumptions.

Tools Used

Forge, Remix

Recommendations

Use OpenZeppelin's SafeERC20 library:
The SafeERC20 library by OpenZeppelin includes safe wrappers around the ERC20 operations. These wrappers ensure that calls to the transferFrom and transfer functions correctly handle both standard-compliant tokens and non-compliant tokens. The library checks for the return value and reverts if the operation is unsuccessful.

Benefits of Using SafeERC20:

  • Standard compliance: Ensures that both standard and non-standard ERC20 tokens are handled.

  • Reduced risk: Mitigates issues of erroneous transfer and associated loss of funds.

By adopting SafeERC20, the contract can be robust and handle token transfers safely, ensuring the correctness and safety of airdrop operations.
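The return-value check described in the recommendation, written out as an added example (it is not TSender's code and not OpenZeppelin's own implementation). The library name `ReturnCheckedTransfer` and the error `TokenCallFailed` are hypothetical; the example shows the three outcomes a low-level token call has to distinguish.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example. ReturnCheckedTransfer and TokenCallFailed are hypothetical names.
library ReturnCheckedTransfer {
    error TokenCallFailed(address token);

    function safeTransfer(address token, address to, uint256 amount) internal {
        _callAndCheck(token, abi.encodeWithSignature("transfer(address,uint256)", to, amount));
    }

    function safeTransferFrom(address token, address from, address to, uint256 amount) internal {
        _callAndCheck(
            token,
            abi.encodeWithSignature("transferFrom(address,address,uint256)", from, to, amount)
        );
    }

    function _callAndCheck(address token, bytes memory data) private {
        (bool ok, bytes memory ret) = token.call(data);

        // Case 1: the call reverted. This is the only case that
        // `iszero(call(...))` on its own detects.
        if (!ok) revert TokenCallFailed(token);

        if (ret.length == 0) {
            // Case 2: no return data. Accepted for tokens that return nothing,
            // but only when code exists at the address, because a call to an
            // address without code also succeeds with empty return data.
            if (token.code.length == 0) revert TokenCallFailed(token);
        } else if (ret.length < 32 || !abi.decode(ret, (bool))) {
            // Case 3: the token returned data that is not a full word or that
            // decodes to `false`, i.e. it reported failure without reverting.
            revert TokenCallFailed(token);
        }
    }
}
```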

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
