The sellErc20() function calls IERC20.transferFrom(msg.sender, address(this), amount); without verifying whether the transfer was successful.
After updating internal balances and pushing a sell order, the function sellErc20() calls:
If transferFrom() fails but does not revert, the function continues executing, leading to a state desynchronization in which the internal balances no longer match the tokens the contract actually holds.
If transferFrom() does not revert and instead returns false, the contract assumes the transfer succeeded while the tokens remain in msg.sender's wallet.
This could allow users to manipulate balances, potentially leading to incorrect claims or improper accounting.
Manual review
Add a check after transferring the tokens to ensure the transfer succeeded.
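The pattern below is an added illustration, not the audited project's code: a hypothetical minimal order book (VulnerableOrderBook, HardenedOrderBook, and their balances mapping are assumed names) showing the unchecked transferFrom beside two ways of enforcing transfer success, one with OpenZeppelin's SafeERC20 and one with an explicit check on the returned bool.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Hypothetical minimal order book, not the audited contract.
/// Both contracts keep the same internal accounting; only the
/// handling of the token transfer differs.
contract VulnerableOrderBook {
    // user => token => amount credited to the user's internal balance
    mapping(address => mapping(address => uint256)) public balances;

    function sellErc20(address token, uint256 amount) external {
        // Return value discarded: a token that returns false on failure
        // instead of reverting leaves balances[msg.sender][token] credited
        // while no tokens ever arrived in this contract.
        IERC20(token).transferFrom(msg.sender, address(this), amount);
        balances[msg.sender][token] += amount;
    }
}

contract HardenedOrderBook {
    using SafeERC20 for IERC20;

    mapping(address => mapping(address => uint256)) public balances;

    function sellErc20(address token, uint256 amount) external {
        // safeTransferFrom reverts if the call fails, if it returns false,
        // or if the target is not a contract. Tokens that return no data
        // at all (older non-standard implementations) are still accepted.
        IERC20(token).safeTransferFrom(msg.sender, address(this), amount);
        balances[msg.sender][token] += amount;
    }

    // Alternative without the library: check the returned bool explicitly.
    // Through the IERC20 interface a token that returns no data reverts on
    // return-data decoding, so prefer SafeERC20 if such tokens are supported.
    function sellErc20Explicit(address token, uint256 amount) external {
        bool ok = IERC20(token).transferFrom(msg.sender, address(this), amount);
        require(ok, "transferFrom failed");
        balances[msg.sender][token] += amount;
    }
}
```

Credit the internal balance only after the transfer is confirmed, so a false return can never leave balances ahead of the contract's real token holdings.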