Description:
In the codebase, both the transfer and transferFrom functions are used to move standard ERC20 tokens. However, these calls are not wrapped in the safe variants, safeTransfer and safeTransferFrom, provided by the OpenZeppelin library. Using the raw calls introduces a risk in token transfers.
Missing Return Value Check: The transfer and transferFrom calls assume that the ERC20 tokens are standard and always return a boolean value indicating success. However, some tokens (notably older tokens or non-compliant ERC20 implementations) do not return a value. In these cases, the functions will not revert if the transfer fails, leading to possible silent failures where the contract behaves as if the transfer succeeded but the tokens were not actually moved.
Impact:
The absence of safe functions can lead to incorrect transfer operations, which might cause significant issues in the contract's logic, including the failure to properly distribute rewards, handle payments, or manage user balances. This could result in loss of funds or inconsistencies in the contract's state, ultimately affecting the protocol's reliability and trustworthiness.
Recommended Mitigation:
Replace all instances of transfer and transferFrom with safeTransfer and safeTransferFrom from the OpenZeppelin SafeERC20 library. These functions include necessary checks for the return value, ensuring the transfer operations behave as expected.