The contract currently uses the transfer function for ERC-20 token transfers. While transfer is the standard function for transferring tokens, it lacks additional checks to ensure compatibility with recipient contracts. This can cause problems when interacting with smart contracts that do not properly handle ERC-20 tokens, potentially leading to a loss of funds.
The transfer function does not verify if the recipient is a contract capable of handling ERC-20 tokens. When tokens are sent to a smart contract that does not support token reception, such as one that lacks a fallback function or the necessary logic to manage incoming ERC-20 tokens, the tokens can be lost. The safeTransfer function, provided by the OpenZeppelin SafeERC20 library, wraps the transfer function with additional checks. It ensures the transaction reverts if the transfer fails, and it checks for recipient compatibility, preventing accidental token loss.
Lost Funds: Tokens transferred to an incompatible contract will be unrecoverable.
Unexpected Failures: If the recipient is a smart contract that requires specific handling for tokens, transfer will fail without helpful error handling.
Manual Review
Use safeTransfer Instead of transfer for Secure Token Transfers