Project: One World (NFTDeFi), 15,000 USDC

Submission Details
Severity: high
Invalid

Unsafe Using of `transferFrom`

Summary

Using `transferFrom` to move the currency token could result in loss of funds, because anyone could use it to transfer tokens on behalf of `_msgSender()` once an approval has been made.

Vulnerability Details

https://github.com/Cyfrin/2024-11-one-world/blob/1e872c7ab393c380010a507398d4b4caca1ae32b/contracts/dao/MembershipFactory.sol#L146

https://github.com/Cyfrin/2024-11-one-world/blob/1e872c7ab393c380010a507398d4b4caca1ae32b/contracts/dao/MembershipFactory.sol#L147

Impact

This could cause loss of funds in the contract.

Tools Used

Manual review

Recommendations

It is recommended to use the OpenZeppelin SafeERC20 library (or another audited library) and call `safeTransferFrom` instead, like this:

import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
-IERC20(daos[daoMembershipAddress].currency).transferFrom(_msgSender(), owpWallet, platformFees);
- IERC20(daos[daoMembershipAddress].currency).transferFrom(_msgSender(), daoMembershipAddress, tierPrice - platformFees);
+ IERC20(daos[daoMembershipAddress].currency).safeTansferFrom(_msgSender(), owpWallet, platformFees);
+ IERC20(daos[daoMembershipAddress].currency).safeTransferFrom(_msgSender(), daoMembershipAddress, tierPrice - platformFees);
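Review bot: the first `+` line calls `safeTansferFrom`, a typo for `safeTransferFrom` that will not compile; the second `+` line has the correct name. The import on its own is also not enough: `IERC20(...).safeTransferFrom(...)` is a library call and needs `using SafeERC20 for IERC20;` declared in the contract. Note as well that SafeERC20 only hardens return-value handling (it reverts when the token returns false or returns no data); it does not change who may spend an approved allowance, which is what the Summary describes.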
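To show the recommendation in working form, here is an added example (constructed for this write-up, not code from the One World repository) of a minimal fee-splitting payment that uses SafeERC20 correctly, with the `using` directive the snippet above omits, beside a constructed mock token whose `transferFrom` returns false. It assumes OpenZeppelin Contracts v5, where the revert error is `SafeERC20FailedOperation`; `payForTier` and `owpWallet` are illustrative names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Constructed example (not the One World code): pulls a tier price from the
/// caller and splits it between the platform wallet and the DAO membership
/// contract, as the reported lines do, but through SafeERC20.
contract MembershipPaymentExample {
    using SafeERC20 for IERC20; // required for IERC20(...).safeTransferFrom

    address public immutable owpWallet; // assumed platform fee wallet

    constructor(address _owpWallet) {
        owpWallet = _owpWallet;
    }

    /// safeTransferFrom reverts if the token returns false or returns no data,
    /// cases a raw, unchecked transferFrom would silently treat as success.
    function payForTier(
        IERC20 currency,
        address daoMembershipAddress,
        uint256 tierPrice,
        uint256 platformFees
    ) external {
        require(platformFees <= tierPrice, "fees exceed price");
        currency.safeTransferFrom(msg.sender, owpWallet, platformFees);
        currency.safeTransferFrom(msg.sender, daoMembershipAddress, tierPrice - platformFees);
    }
}

/// Constructed mock: a token whose transferFrom returns false instead of
/// reverting. Called through payForTier, the payment reverts with
/// SafeERC20FailedOperation rather than recording a membership that was
/// never paid for.
contract FalseReturningToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function transferFrom(address, address, uint256) external pure returns (bool) {
        return false; // signals failure without reverting
    }
}
```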
Updates

Lead Judging Commences

0xbrivan2 Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Known issue