Rescuable::_safe_transfer_from uses a low-level call to transfer tokens
As per the documentation, the supported tokens are:
ETH
WETH
ERC20 (any token that follows the ERC20 standard)
Rescuable::_safe_transfer_from uses a low-level call to transfer tokens. This leads to the following issues:

Using a low-level call for ERC20 transfers is fragile: it does not handle the different transferFrom implementations correctly.

It only checks whether the call succeeded (i.e. the callee did not revert), not whether the transfer itself succeeded. The ERC20 standard allows a token to signal failure by returning false instead of reverting; such a token passes the success check while no tokens have moved. Return values also differ across tokens: some return a boolean and some do not (e.g. USDT returns no data at all), so a single decoding convention cannot be applied to every token, and a failed transfer behind a successful call cannot be detected.

No zero-address check is present. Tokens can become permanently stuck if address(0) is passed as the recipient.
Manual review
Use OpenZeppelin's SafeERC20 safeTransferFrom method, which reverts when a token returns false and accepts tokens that return no data.
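The two patterns side by side, as an added example that is neither the project's Rescuable code nor OpenZeppelin's own: a constructed token that returns false on failure, a raw-call rescue function that only checks the call's success flag (the pattern the finding describes), and a hardened version that uses OpenZeppelin's SafeERC20 together with a zero-address check. Contract and function names are assumptions; the import paths are the ones used by OpenZeppelin Contracts 4.x and 5.x.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Constructed for this example: a minimal token that signals failure by
/// returning false instead of reverting, which ERC20 permits.
contract ReturnsFalseToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    function mint(address to, uint256 amount) external {
        balanceOf[to] += amount;
    }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        if (balanceOf[from] < amount || allowance[from][msg.sender] < amount) {
            // No revert: a low-level call still reports success == true.
            return false;
        }
        allowance[from][msg.sender] -= amount;
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

/// Hypothetical rescue contract using the pattern the finding describes:
/// the only check is that the callee did not revert.
contract UnsafeRescue {
    function rescue(address token, address from, address to, uint256 amount) external {
        (bool success, ) = token.call(
            abi.encodeWithSelector(IERC20.transferFrom.selector, from, to, amount)
        );
        // Passes for ReturnsFalseToken even though nothing was transferred,
        // and also passes when `token` is an address with no code at all.
        require(success, "call failed");
    }
}

/// Hardened version: SafeERC20 reverts when the token returns false,
/// accepts tokens that return no data (e.g. USDT), and rejects a token
/// address with no code; the explicit check stops tokens being sent to
/// address(0), where they would be stuck permanently.
contract SafeRescue {
    using SafeERC20 for IERC20;

    error ZeroAddress();

    function rescue(address token, address from, address to, uint256 amount) external {
        if (token == address(0) || to == address(0)) revert ZeroAddress();
        IERC20(token).safeTransferFrom(from, to, amount);
    }
}
```

Calling UnsafeRescue.rescue against ReturnsFalseToken with an insufficient balance completes without reverting, while SafeRescue.rescue reverts in the same situation. The no-code case is worth keeping in mind separately from the return-value problem: a low-level call to an address that holds no contract returns success, so a mistyped token address would also pass the raw check, whereas SafeERC20 verifies that the target has code when no return data comes back. Access control on the rescue function is omitted here for brevity and would be required in a real contract.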
I believe the issues and duplicates do not warrant low severity as even if the call to transfers returns false instead of reverting, there is no impact as it is arguably correct given there will be insufficient funds to perform a rescue/withdrawal. This will not affect `tillIn()` as there are explicit balance [checks that revert accordingly](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/TokenManager.sol#L255-L260) to prevent allowing creation of offers without posting the necessary collateral