Dria
Swan
NFTHardhat
21,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Unsafe ERC20 Token Transfers Not Checked for Success

0xvd

Summary

The LLMOracleCoordinator contract does not check the return values of ERC20 token transfers.

Some ERC20 tokens (like USDT) do not revert on failure but return false instead.

This could lead to silent failures where fees appear to be paid or withdrawn but the transfers actually failed.

Vulnerability Details

The contract assumes all ERC20 transfers will revert on failure, but this isn't true for all tokens.

Here are the affected locations:

// In withdrawPlatformFees()
function withdrawPlatformFees() public onlyOwner {
feeToken.transfer(owner(), feeToken.balanceOf(address(this))); // Return value not checked
}
// In request()
function request(bytes32 protocol, bytes memory input, bytes memory models, LLMOracleTaskParameters calldata parameters) public {
// ...
feeToken.transferFrom(msg.sender, address(this), totalfee); // Return value not checked
}

Similar issues exist in LLMOracleRegistry::register, BuyerAgent::withdraw, Swan::transferRoyalties, Swan::purchase functions

Impact

Tasks could be created without proper fee payment

Fee withdrawals could silently fail

Tools Used

Manual Review

Recommendations

Use OpenZeppelin's SafeERC20 library or implement manual checks

function withdrawPlatformFees() public onlyOwner {
uint256 amount = feeToken.balanceOf(address(this));
require(feeToken.transfer(owner(), amount), "Fee transfer failed");
}
function request(/* params */) public returns (uint256) {
// ...
require(
feeToken.transferFrom(msg.sender, address(this), totalfee),
"Fee payment failed"
);
// ...
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

[KNOWN] - Low-35 Unsafe use of transfer()/transferFrom() with IERC20

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.