The MembershipFactory contract uses the transferFrom function instead of safeTransferFrom when transferring tokens, which could cause problems with token compatibility and safety. This discrepancy may cause unintended behavior, particularly when interacting with contracts that expect safeTransferFrom for enhanced safety checks.
The vulnerability occurs in the MembershipFactory.sol contract, where transferFrom is used instead of safeTransferFrom for ERC20 token transfers. This oversight results in inconsistent token handling, as the corresponding MembershipERC1155 contract employs safeTransfer and safeTransferFrom.
This vulnerability could result in failed transfers or locked funds if tokens are sent to contracts that cannot handle them.
Manual Review
Replace all instances of transferFrom with safeTransferFrom in the MembershipFactory.sol contract. This ensures compatibility with contracts expecting tokens to be safely transferred and checked before receipt, aligning the token transfer process with the MembershipERC1155 standards.
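An added illustration, not code from MembershipFactory.sol or from the original report: a hypothetical contract that places the bare transferFrom pattern beside the OpenZeppelin SafeERC20 form. The contract, function, and variable names are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Hypothetical contract for illustration only; not the MembershipFactory source.
contract PaymentExample {
    using SafeERC20 for IERC20;

    // Hypothetical accounting state credited after each payment.
    mapping(address => uint256) public paid;

    /// Bare transferFrom with the return value ignored.
    /// - A token that returns false instead of reverting leaves `paid`
    ///   credited even though no tokens moved.
    /// - A token that returns no data makes the ABI decoder revert,
    ///   so the call can never succeed for that token.
    function payUnchecked(IERC20 token, address treasury, uint256 amount) external {
        token.transferFrom(msg.sender, treasury, amount);
        paid[msg.sender] += amount;
    }

    /// SafeERC20 form: reverts if the call fails or the token returns false,
    /// and accepts tokens that return no data.
    function paySafe(IERC20 token, address treasury, uint256 amount) external {
        token.safeTransferFrom(msg.sender, treasury, amount);
        paid[msg.sender] += amount;
    }
}
```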