Some contracts use Solmate's SafeTransferLib `safeTransfer` and `safeTransferFrom` functions. These functions do not check that there is code at the token address. This is a known and documented property of Solmate's library: its source comments that none of its functions verify a token has code, and that this responsibility is delegated to the caller. When a contract forgets to do so, a transfer to or from a codeless address is treated as successful, which can lead to miscalculation of balances and to loss of funds.
The missing code-existence check in SafeTransferLib matters because the library performs the transfer with a low-level `call` and accepts either a returned `true` or empty return data as success. A `call` to an address with no code (an EOA, a mistyped address, a self-destructed token, or a CREATE2 address not yet deployed) does not revert: it returns success with empty return data, so the library's return-value check is bypassed. If `safeTransfer()` or `safeTransferFrom()` is invoked on such an address the protocol will believe the tokens moved, and will update its accounting accordingly, when in reality no tokens were transferred. This leads to miscalculated balances and possibly loss of funds, for example when a user is credited a deposit that never arrived and later withdraws real assets against it.
Manual review
Use OpenZeppelin's SafeERC20 library, which reverts when the target address has no code, or add an explicit code-existence check (`address(token).code.length != 0`) before calling Solmate's `safeTransfer` / `safeTransferFrom`. The check is most important where the token address is supplied by users or can change after deployment.
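The following Foundry-style contracts are an added illustration of the issue and the recommended fix; they are not code from the audited project. They assume the Solmate and forge-std import paths shown, and the token address `0xBEEF` is a constructed, codeless address used only for the test.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Assumed import paths (solmate and forge-std installed as Foundry libs).
import {ERC20} from "solmate/tokens/ERC20.sol";
import {SafeTransferLib} from "solmate/utils/SafeTransferLib.sol";
import {Test} from "forge-std/Test.sol";

/// Vulnerable pattern: deposit accounting trusts safeTransferFrom.
/// SafeTransferLib issues a raw `call`; against an address with no code the
/// call returns success with empty returndata, which the library accepts,
/// so the balance is credited although no tokens moved.
contract VaultUnchecked {
    using SafeTransferLib for ERC20;

    mapping(address => mapping(address => uint256)) public balances;

    function deposit(ERC20 token, uint256 amount) external {
        token.safeTransferFrom(msg.sender, address(this), amount);
        balances[msg.sender][address(token)] += amount;
    }
}

/// Hardened pattern: refuse to treat a codeless address as a token.
/// (Equivalent alternative: use OpenZeppelin SafeERC20, which performs
/// this check itself and reverts.)
contract VaultChecked {
    using SafeTransferLib for ERC20;

    error NotAContract(address token);

    mapping(address => mapping(address => uint256)) public balances;

    function deposit(ERC20 token, uint256 amount) external {
        // The code-existence check Solmate deliberately leaves to the caller.
        if (address(token).code.length == 0) revert NotAContract(address(token));
        token.safeTransferFrom(msg.sender, address(this), amount);
        balances[msg.sender][address(token)] += amount;
    }
}

contract CodelessTokenTest is Test {
    // Constructed address for the test: nothing is deployed here.
    ERC20 internal phantom = ERC20(address(0xBEEF));

    function testUncheckedVaultCreditsWithoutTransfer() public {
        VaultUnchecked v = new VaultUnchecked();
        v.deposit(phantom, 1 ether); // does not revert
        // Accounting says 1 ether was deposited; no token ever existed.
        assertEq(v.balances(address(this), address(phantom)), 1 ether);
    }

    function testCheckedVaultRejectsCodelessToken() public {
        VaultChecked v = new VaultChecked();
        vm.expectRevert(
            abi.encodeWithSelector(VaultChecked.NotAContract.selector, address(phantom))
        );
        v.deposit(phantom, 1 ether);
    }
}
```

Run with `forge test` in a project that has solmate and forge-std installed. Note that a plain high-level Solidity call such as `token.transferFrom(...)` would revert here because the compiler inserts an `extcodesize` check for calls whose return value is not decoded; it is specifically the assembly-level `call` in SafeTransferLib that silently succeeds, which is why the explicit check is needed when using it.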