https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/TokenManager.sol#L56
https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/TokenManager.sol#L137
The TokenManager contract uses its token transfer helpers inconsistently between the tillIn and withdraw functions. Specifically, different helpers (_safe_transfer and _transfer) are used for the same kinds of operations depending on the token type, and this inconsistency can affect the reliability and security of token handling in the contract.
The tillIn function deposits native token into the wrapped token contract and then uses _safe_transfer to move the wrapped token to the capital pool, whereas for ERC20 tokens it uses _transfer to move tokens from the account address to the capital pool address.
The withdraw function uses _transfer to move wrapped native tokens from the capital pool to the contract itself, then withdraws the native token from the wrapped token contract and transfers it to the caller, whereas for ERC20 tokens it uses _safe_transfer_from to transfer tokens from the capital pool to the caller.
This inconsistency can lead to confusion and potential errors in token transfer logic. The functions may not handle token transfers uniformly, which can affect the contract's reliability and security.
Different transfer helpers have different failure characteristics: _safe_transfer and _transfer handle error checking and reverts differently. Using them interchangeably without considering those differences could introduce vulnerabilities or unexpected behavior, for instance a transfer that silently fails in one code path but reverts in another.
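To make the difference concrete, the following is an added illustration, not code from the Tadle repository: a minimal unchecked transfer helper beside a checked one, exercised against a constructed token that returns false instead of reverting. The helper names mirror the finding; their bodies are assumptions for illustration only.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration (not the Tadle code): why a checked "safe" transfer and an
// unchecked transfer behave differently on non-standard ERC20 tokens.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract TransferHelpers {
    // Unchecked: if the token returns false, execution continues and the
    // contract's accounting can diverge from the real balances.
    function _transfer(address token, address to, uint256 amount) internal {
        IERC20(token).transfer(to, amount);
    }

    // Checked: tolerates tokens that return no data, but reverts when the
    // token returns false, when the call reverts, or when there is no code
    // at the address (a bare call to an EOA would otherwise "succeed").
    function _safe_transfer(address token, address to, uint256 amount) internal {
        require(token.code.length > 0, "NOT_A_CONTRACT");
        (bool ok, bytes memory data) =
            token.call(abi.encodeWithSelector(IERC20.transfer.selector, to, amount));
        require(ok && (data.length == 0 || abi.decode(data, (bool))), "TRANSFER_FAILED");
    }
}

// Constructed test token: reports failure via a false return value.
contract FalseReturningToken is IERC20 {
    function transfer(address, uint256) external pure returns (bool) {
        return false;
    }
}

contract Demo is TransferHelpers {
    // Completes normally even though the token reported failure.
    function uncheckedSend(address token) external {
        _transfer(token, msg.sender, 1);
    }

    // Reverts with "TRANSFER_FAILED" for FalseReturningToken.
    function checkedSend(address token) external {
        _safe_transfer(token, msg.sender, 1);
    }
}
```

Deploying FalseReturningToken and calling both Demo functions with its address shows the two code paths diverging on the same token; the consistent choice is the checked helper on every path.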
Manual Review
Align the use of _safe_transfer and _transfer across the tillIn and withdraw functions. Choose one helper for each kind of token transfer and use it consistently on every path.