The contract makes external calls to ERC20 `transfer` and `approve` functions without handling the case where these functions return `false` instead of reverting on failure. While most ERC20 tokens revert on failure, some implementations return `false`, which leads to problems if the return value is never checked.
For example:
The `SafeERC20` library from OpenZeppelin is used, which handles return values correctly for ERC20 functions. However, for custom external calls such as those to the `transmuter` contract, return values are not checked.
Silent Failures: If the external contract (`transmuter`) fails to execute the function as expected and does not revert, the absence of return value checks could lead to undetected failures.
Inconsistent State: The contract may assume that operations succeeded when they did not, causing a mismatch between the contract's recorded state and its expected behavior.
Check Return Values of External Calls: Ensure that any external calls which do not revert on failure have their return values checked.
Use Try-Catch Blocks: For external calls that might revert, use try-catch blocks to handle exceptions.
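As an added illustration (not code from the audited project), the unchecked call is shown beside a checked variant that follows both recommendations. The `ITransmuter` interface, its `deposit` function and the `Vault` contract are assumptions, since the finding names the transmuter contract but not its functions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical transmuter interface: the finding names the contract but not
// its functions. `deposit` is assumed here to signal failure with a `false`
// return rather than a revert.
interface ITransmuter {
    function deposit(uint256 amount) external returns (bool);
}

contract Vault {
    using SafeERC20 for IERC20;
    IERC20 public immutable token;
    ITransmuter public immutable transmuter;
    uint256 public deposited; // accounting that must stay aligned with transmuter state

    error TransmuterDepositFailed(uint256 amount);
    error TransmuterReverted(bytes reason);

    constructor(IERC20 _token, ITransmuter _transmuter) {
        token = _token;
        transmuter = _transmuter;
    }

    // Vulnerable pattern: the boolean returned by `deposit` is discarded, so a
    // silent `false` leaves `deposited` incremented with nothing deposited.
    function depositUnchecked(uint256 amount) external {
        token.safeTransferFrom(msg.sender, address(this), amount); // SafeERC20: checked
        token.forceApprove(address(transmuter), amount);           // SafeERC20: checked
        transmuter.deposit(amount);                                // return value ignored
        deposited += amount;
    }

    // Hardened pattern: check the return value, and wrap the call in try/catch
    // so a revert inside the transmuter is surfaced with its reason.
    function depositChecked(uint256 amount) external {
        token.safeTransferFrom(msg.sender, address(this), amount);
        token.forceApprove(address(transmuter), amount);
        try transmuter.deposit(amount) returns (bool ok) {
            if (!ok) revert TransmuterDepositFailed(amount);
        } catch (bytes memory reason) {
            revert TransmuterReverted(reason);
        }
        deposited += amount;
    }
}
```

Note that try/catch only catches failures raised inside the callee; if the `transmuter` address holds no code, decoding the empty return data reverts in the caller itself, outside the try.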