Pieces Protocol

First Flight #32
Beginner Friendly, Foundry, Solidity, NFT
Submission Details
Severity: high
Invalid

Missing Transfer Success Check in transferErcTokens Function

Summary

The transferErcTokens function does not check the return value of IERC20.transferFrom().

Vulnerability Details

The transferErcTokens function does not check the return value of IERC20.transferFrom(). If the token transfer fails, the function continues execution, updating internal balances incorrectly. This can lead to users losing tokens or funds.

Impact

If transferFrom fails, the function still updates balances, even though no actual transfer occurred.

Tools Used

Manual review

Recommendations

Modify the function to check the return value of transferFrom and revert if it fails:

function transferErcTokens(address nftAddress, address to, uint256 amount) external {
    // Input validation
    if (nftAddress == address(0)) {
        revert TokenDivider__NftAddressIsZero();
    }
    if (to == address(0)) {
        revert TokenDivider__CantTransferToAddressZero();
    }
    if (amount == 0) {
        revert TokenDivider__AmountCantBeZero();
    }

    ERC20Info memory tokenInfo = nftToErc20Info[nftAddress];

    if (balances[msg.sender][tokenInfo.erc20Address] < amount) {
        revert TokenDivider__NotEnoughErc20Balance();
    }

    // Capture the return value and revert before touching internal balances
    bool success = IERC20(tokenInfo.erc20Address).transferFrom(msg.sender, to, amount);
    if (!success) {
        revert TokenDivider__TransferFailed();
    }

    // Internal accounting is updated only after a successful transfer
    balances[msg.sender][tokenInfo.erc20Address] -= amount;
    balances[to][tokenInfo.erc20Address] += amount;

    emit TokensTransfered(amount, tokenInfo.erc20Address);
}
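The following added example (not part of the original submission or the Pieces Protocol code) isolates the pattern described above: an internal ledger updated after transferFrom, with the return value ignored in one function and checked in the other. ReturnsFalseToken, LedgerDemo, credit and every other name in it are hypothetical, and the token is constructed so that it returns false on failure instead of reverting.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: every name here is hypothetical, not Pieces Protocol code.
interface IERC20Minimal {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Constructed token that reports failure by returning false instead of reverting.
contract ReturnsFalseToken is IERC20Minimal {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }
    function approve(address spender, uint256 amount) external { allowance[msg.sender][spender] = amount; }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        if (balanceOf[from] < amount || allowance[from][msg.sender] < amount) return false;
        allowance[from][msg.sender] -= amount;
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

contract LedgerDemo {
    error LedgerDemo__TransferFailed();
    mapping(address => mapping(address => uint256)) public balances; // user => token => amount

    // Demo-only helper that seeds the internal ledger; not access controlled.
    function credit(address token, uint256 amount) external { balances[msg.sender][token] += amount; }

    // Return value ignored: the ledger moves even if the token moved nothing.
    function transferUnchecked(address token, address to, uint256 amount) external {
        IERC20Minimal(token).transferFrom(msg.sender, to, amount);
        balances[msg.sender][token] -= amount;
        balances[to][token] += amount;
    }

    // Return value checked: a false result reverts, so the ledger stays untouched.
    function transferChecked(address token, address to, uint256 amount) external {
        bool success = IERC20Minimal(token).transferFrom(msg.sender, to, amount);
        if (!success) revert LedgerDemo__TransferFailed();
        balances[msg.sender][token] -= amount;
        balances[to][token] += amount;
    }
}
```

With a token whose transferFrom reverts on failure, as OpenZeppelin's ERC20 implementation does, both variants behave the same because the false branch is never reached.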

Updates

Lead Judging Commences

fishy Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
