This audit identifies vulnerabilities due to the use of transferFrom and transfer functions across multiple contracts, which impose a 2300 gas cap, and a lack of checks-effects-interactions (CEI) compliance in LLMOracleCoordinator::request. These issues may cause transfer failures due to gas-capped functions or open potential reentrancy risks.
Several contracts use transferFrom and transfer functions with a capped gas limit and no CEI compliance, leading to potential transfer failures and reentrancy risks:
LLMOracleRegistry.sol (register function)
BuyerAgent.sol (withdraw function)
Swan.sol (transferRoyalties and purchase functions)
LLMOracleCoordinator.sol (request function) - missing CEI compliance inside the request function
Risk of transaction failures during token transfers or potential reentrancy vulnerabilities.
Manual code review
To address these issues, replace transferFrom and transfer with safeTransferFrom and safeTransfer in all instances listed above to improve gas flexibility and CEI compliance.