Pieces Protocol
First Flight #32
Beginner FriendlyFoundrySolidityNFT
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

Missing Transfer Success Check in sellErc20() function

0xalipede

Summary

The sellErc20() function calls IERC20.transferFrom(msg.sender, address(this), amount); without verifying whether the transfer was successful or not.

Vulnerability Details

Link: https://github.com/Cyfrin/2025-01-pieces-protocol/blob/4ef5e96fced27334f2a62e388a8a377f97a7f8cb/src/TokenDivider.sol#L248

After updating internal balances and pushing a sell order, the function sellErc20() calls:

// Signature
function transferFrom(address from, address to, uint256 value) external returns (bool);
// Call
IERC20(tokenInfo.erc20Address).transferFrom(msg.sender,address(this), amount);

If transferFrom() fails but does not revert, the function will continue execution, leading to a state desynchronization where internal balances no longer match actual token balances.

Impact

  • If transferFrom() does not revert and instead returns false, the contract will assume the transfer was successful while tokens remain in msg.sender's wallet.

  • This could allow users to manipulate balances, potentially leading to incorrect claims or improper accounting.

Tools Used

Manual review

Recommendations

Add a check after transfering the tokens to ensure transfer success.

function sellErc20(address nftPegged, uint256 price,uint256 amount) external {
...
bool transferSuccess = IERC20(tokenInfo.erc20Address).transferFrom(msg.sender,address(this), amount);
if(!transferSuccess) {
revert TokenDivider__TransferFailed();
}
}
Updates

Lead Judging Commences

fishy Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.