TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: medium
Invalid

The `bid` function should not assume that `safeTransferFrom` is successful.

Summary

DaiGoldAuction.sol: 132

In the `bid` function, `safeTransferFrom` assumes that the transfer of tokens is always successful. It lacks a transfer success check. We should not always assume that a transfer is successful. There should be checks that verify whether the transfer was a success: if it was, the function should continue with its subsequent logic; otherwise, it should revert.

Vulnerability Details

The function does not verify if the `safeTransferFrom` call succeeded. If the transfer fails, subsequent logic will be executed under the false assumption that the tokens were successfully transferred.

Impact

If the transfer fails, the depositors mapping and EpochInfo storage will still be updated and the `deposit` event will still be emitted.

Tools Used

Recommendations

```solidity
bool success = bidToken.transferFrom(msg.sender, treasury, amount);

if (!success) {
    revert CommonEventsAndErrors.TransferFailed();
}
```

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Appeal created

Newt Submitter
11 months ago
inallhonesty Lead Judge
11 months ago
inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
