First Flight #16: Mafia Takedown
First Flight #16
Beginner FriendlyDeFiFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Invalid

Safe ERC20 operations not used.

4th05

Summary

There are standard ERC20 operations (not safe) used in modules

Vulnerability Details

transferFrom vs safetransferFrom

function depositUSDC(address account, address to, uint256 amount) external {
deposit(to, amount);
usdc.transferFrom(account, address(this), amount);
crimeMoney.mint(to, amount);
}

transfer vs safetransfer

function withdrawUSDC(address account, address to, uint256 amount) external {
withdraw(account, amount);
crimeMoney.burn(account, amount);
usdc.transfer(to, amount);
}

Impact

Impact deriving from not using [Safe] (functionshttps://medium.com/@JohnnyTime/why-you-should-always-use-safeerc20-94f44aa852d8#:~:text=These%20%E2%80%9Csafe%E2%80%9D%20functions%20make%20sure,don't%20break%20our%20protocol.)

Tools Used

Manual review

Recommendations

Use safe ERC20 operations

Updates

Lead Judging Commences

n0kto Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.