The MembershipFactory contract uses the transferFrom function instead of safeTransferFrom when transferring tokens, which could lead to potential issues with token compatibility and safety. This discrepancy may cause unintended behaviors, particularly when interacting with contracts that expect safeTransferFrom for enhanced safety checks.
The vulnerability occurs in the MembershipFactory.sol contract, where transferFrom is used instead of safeTransferFrom for ERC20 token transfers. This oversight results in inconsistent token handling, as the corresponding MembershipERC1155 contract employs safeTransfer and safeTransferFrom.
This vulnerability could result in failed transfers or locked funds if tokens are sent to contracts that cannot handle them.
Manual Review
Replace all instances of transferFrom with safeTransferFrom in the MembershipFactory.sol contract. This ensures compatibility with contracts expecting tokens to be safely transferred and checked before receipt, aligning the token transfer process with the MembershipERC1155 standards.
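The difference between the two call styles for an ERC20 token, as an added example that is not code from MembershipFactory.sol or from the project. The names SafeTransferSketch, PaymentExample, payUnchecked and paySafe are hypothetical, and the library is a minimal stand-in written here to show the kind of checks a safeTransferFrom wrapper such as OpenZeppelin's SafeERC20 performs.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration only; every name below is hypothetical.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

library SafeTransferSketch {
    error TransferFailed(address token);

    // Low-level call so that both token styles are handled:
    //  - tokens that return a bool: the value must decode to true
    //  - tokens that return nothing: accepted only if the target has code
    function safeTransferFrom(IERC20 token, address from, address to, uint256 amount) internal {
        (bool ok, bytes memory ret) = address(token).call(
            abi.encodeCall(IERC20.transferFrom, (from, to, amount))
        );
        // Short-circuit on !ok so revert data is never decoded as a bool.
        bool success = ok && (
            ret.length == 0 ? address(token).code.length > 0 : abi.decode(ret, (bool))
        );
        if (!success) revert TransferFailed(address(token));
    }
}

contract PaymentExample {
    using SafeTransferSketch for IERC20;

    // Plain call with the result discarded: a token that signals failure by
    // returning false is treated as paid, and a token that returns no data
    // makes the ABI decoder revert, so such tokens cannot be used at all.
    function payUnchecked(IERC20 token, address to, uint256 amount) external {
        token.transferFrom(msg.sender, to, amount);
    }

    // Checked call: reverts with TransferFailed unless the transfer succeeded.
    function paySafe(IERC20 token, address to, uint256 amount) external {
        token.safeTransferFrom(msg.sender, to, amount);
    }
}
```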