Project

One World
NFTDeFi
15,000 USDC
Submission Details
Severity: low
Invalid

Incompatible Token Transfers - Risk of Failure and DoS in Non-standard ERC20s

Summary

Using tokens that do not conform to standard ERC20 behavior, such as missing return values or non-reverting transfers, may lead to unexpected failures and security risks.

Vulnerability Details

The project’s accounting system currently supports only WBTC, USDC, and WETH. However, if tokens outside this set were introduced, compatibility issues could arise.

Some tokens do not revert on failure, and some return no value from functions such as transferFrom. Either behavior breaks code that assumes the standard ERC20 interface.

Example:

IERC20(daos[daoMembershipAddress].currency).transferFrom(_msgSender(), owpWallet, platformFees);

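The return value of this call is not checked. If the token returns false instead of reverting on failure, execution continues as though the platform fee had been paid, which could lead to loss of funds for the DAO. If the token returns no value at all, the call can revert when the expected bool is decoded, causing an unexpected DoS.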

Impact

Allowing unsupported tokens could lead to vulnerabilities, unexpected failures, or DoS, compromising the contract’s reliability.

Tools Used

Manual

Recommendations

Use SafeTransferLib to ensure secure and compatible token transfers, avoiding issues with non-standard ERC20 tokens.
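The unchecked call from the example beside a checked form, as an added illustration that is not code from the One World repository or from any specific library. The contract name FeeCollector, the error TransferFromFailed and the function names are hypothetical; only owpWallet and platformFees are taken from the line quoted above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example. FeeCollector and its function names are hypothetical.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract FeeCollector {
    error TransferFromFailed(address token);

    address public immutable owpWallet;

    constructor(address _owpWallet) {
        owpWallet = _owpWallet;
    }

    // Pattern from the finding: the returned bool is discarded.
    // - Token returns false on failure: execution continues, fee is never paid.
    // - Token returns no data: the compiler-generated decoding of the bool reverts.
    function collectFeeUnchecked(address token, uint256 platformFees) external {
        IERC20(token).transferFrom(msg.sender, owpWallet, platformFees);
    }

    // Checked form: works with standard tokens and with tokens that return nothing,
    // and reverts whenever the token signals failure.
    function collectFeeChecked(address token, uint256 platformFees) external {
        _safeTransferFrom(token, msg.sender, owpWallet, platformFees);
    }

    function _safeTransferFrom(address token, address from, address to, uint256 amount) private {
        // Low-level call so that missing return data does not trigger a decode revert.
        (bool ok, bytes memory ret) = token.call(
            abi.encodeCall(IERC20.transferFrom, (from, to, amount))
        );
        // Success requires that the call did not revert, and either:
        //   - no data came back and the target actually has code, or
        //   - at least 32 bytes came back and they decode to true.
        bool success = ok && (
            ret.length == 0
                ? token.code.length > 0
                : (ret.length >= 32 && abi.decode(ret, (bool)))
        );
        if (!success) revert TransferFromFailed(token);
    }
}
```

The code-length check matters because a low-level call to an address with no contract code succeeds and returns no data, which would otherwise be treated as a completed transfer.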

Updates

Lead Judging Commences

0xbrivan2 Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
