Submission Details
Severity:
Return Value of transferAndCall Not Checked
Summary
Return Value of OperatorVault::deposit()transfer function is not checked .
Vulnerability Details
This line in OperatorVault::deposit()
IERC677(address(token)).transferAndCall(address(stakeController), _amount, "");
doesn't check the return value of transferAndCall . The IERC677 implementation returns a bool , which is never checked.
Impact
While the likelihood is not that much , but if it fails , there will be inconsistency in thestate of the protocol and the vault.
The
trackedTotalDepositsvariable will still be updated which is used in many functions in the OperatorVault .
Recommendations
-
Add a require statement.
-
function deposit(uint256 _amount) external override onlyVaultController {trackedTotalDeposits += SafeCast.toUint128(_amount); //e Yes, it reverts but wouldn't it be good to add checks before-handtoken.safeTransferFrom(msg.sender, address(this), _amount);bool success = IERC677(address(token)).transferAndCall(address(stakeController), _amount, ""); //@audit Doesn't check the return value , nor there is an emit...the variables are still updated , there are no reverts, assuming the transaction to be succesful+ require(success, "Transfer and Call to stake controller failed");//Add events to track deposits.+ emit Deposited(msg.sender, _amount);}
-
Similar Findings 1
Prize pool breakdown
Total prize
50,000 USDC
nSLOC
2,53020 USDC / LOC
42,000 USDC
4,250 USDC
3,750 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.