The joinDAO function in the provided Solidity code (MembershipFactory) uses transferFrom instead of safeTransferFrom for transferring ERC20 tokens. A raw transferFrom call leaves the outcome of the transfer unchecked, which causes problems with tokens that deviate from the ERC20 return-value convention: tokens that return false instead of reverting, and tokens that return no value at all.
https://github.com/Cyfrin/2024-11-one-world/blob/main/contracts/dao/MembershipFactory.sol
The vulnerability is due to the use of a raw transferFrom call for transferring ERC20 tokens:
The ERC20 transferFrom function signals failure through a boolean return value rather than through a revert, and joinDAO performs no check on that value. A token that returns false on failure therefore lets the call succeed while no tokens move, so the membership logic continues without the payment having been taken. A token that returns no data at all (a known deviation among deployed ERC20s) makes the call revert when it is invoked through the standard IERC20 interface, so joinDAO cannot be used with that currency at all.
The incorrect use of transferFrom can result in:
Failed token transfers: tokens that do not return a bool cause the IERC20 call to revert, so joinDAO always fails for that currency.
Loss of the expected payment: tokens that return false instead of reverting leave the transfer unexecuted while joinDAO proceeds as if it had succeeded.
Tools used: manual review
To fix the issue, use OpenZeppelin's SafeERC20 library and replace transferFrom with safeTransferFrom, which reverts when the token returns false and also tolerates tokens that return no value. The updated code should be:
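The following is an added illustration of the two patterns side by side; it is not the MembershipFactory code from the repository. The contracts VulnerableMembership and HardenedMembership, their storage, the FalseReturningToken mock and the Foundry test are all hypothetical stand-ins constructed for this example; only the SafeERC20 and IERC20 imports are real OpenZeppelin APIs.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the One World Project code. The contracts and names
// below are hypothetical stand-ins for the pattern described in the finding.
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {Test} from "forge-std/Test.sol";

/// @dev Constructed mock: returns false instead of reverting on a failed
/// transfer, the behaviour some deployed ERC20 tokens exhibit.
contract FalseReturningToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        if (balanceOf[from] < amount || allowance[from][msg.sender] < amount) {
            return false; // no revert: the caller is responsible for checking this
        }
        allowance[from][msg.sender] -= amount;
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

/// @dev Vulnerable pattern: the bool returned by transferFrom is discarded,
/// so a false return grants membership without taking payment.
contract VulnerableMembership {
    IERC20 public immutable currency;
    uint256 public immutable price;
    mapping(address => bool) public isMember;

    constructor(IERC20 currency_, uint256 price_) { currency = currency_; price = price_; }

    function joinDAO() external {
        currency.transferFrom(msg.sender, address(this), price); // return value ignored
        isMember[msg.sender] = true;
    }
}

/// @dev Hardened pattern: SafeERC20.safeTransferFrom reverts when the token
/// returns false and also accepts tokens that return no data at all.
contract HardenedMembership {
    using SafeERC20 for IERC20;

    IERC20 public immutable currency;
    uint256 public immutable price;
    mapping(address => bool) public isMember;

    constructor(IERC20 currency_, uint256 price_) { currency = currency_; price = price_; }

    function joinDAO() external {
        currency.safeTransferFrom(msg.sender, address(this), price);
        isMember[msg.sender] = true;
    }
}

/// @dev Foundry test (hypothetical) showing the failure mode and the fix.
contract MembershipTest is Test {
    FalseReturningToken token = new FalseReturningToken();
    address alice = address(0xA11CE); // holds no tokens and has approved nothing

    function test_vulnerable_grants_membership_without_payment() public {
        VulnerableMembership dao = new VulnerableMembership(IERC20(address(token)), 100e18);
        vm.prank(alice);
        dao.joinDAO(); // transferFrom returns false, nothing moves, call still succeeds
        assertTrue(dao.isMember(alice));
        assertEq(token.balanceOf(address(dao)), 0);
    }

    function test_hardened_reverts_on_false_return() public {
        HardenedMembership dao = new HardenedMembership(IERC20(address(token)), 100e18);
        vm.prank(alice);
        vm.expectRevert(); // SafeERC20 reverts on a false return
        dao.joinDAO();
    }
}
```

The mock covers the false-returning case; the other deviation, a token that returns no data, makes the raw `IERC20.transferFrom` call in VulnerableMembership revert during return-data decoding, whereas SafeERC20 treats empty return data as success, so HardenedMembership works with both kinds of token.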