DeFiFoundry
20,000 USDC
Submission Details
Severity: medium
Invalid

Unsafe Use of 'transfer()'/'transferFrom()' on ERC20

Summary

Calling an ERC20 token's 'transfer()' and 'transferFrom()' functions directly, without accounting for how the token reports the result, can introduce vulnerabilities, especially with tokens that are not fully ERC20-compliant. This can cause transactions to fail and undermine the reliability of the contract.

Vulnerability Details

In the contract 'FjordAuctionFactory.sol', a direct use of the ERC20 'transfer()'/'transferFrom()' functions was found to move tokens. Not every token returns a boolean from these functions; when such a non-compliant token is called through the standard interface, the call can fail.

Impact

  • loss of tokens

  • transaction failure

  • can damage the integrity and reliability of the contract

Impacted Code

https://github.com/Cyfrin/2024-08-fjord/blob/0312fa9dca29fa7ed9fc432fdcd05545b736575d/src/FjordAuctionFactory.sol#L63

IERC20(auctionToken).transferFrom(msg.sender, auctionAddress, totalTokens);

Tools Used

Manual Analysis

Recommendations

Use the SafeERC20 library from OpenZeppelin, which provides the 'safeTransfer()' and 'safeTransferFrom()' functions. These wrappers check the result of the transfer: they accept tokens that return no value, require 'true' from tokens that do return one, and revert otherwise, so a failed transfer cannot go unnoticed.

Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
