Zaros Part 2

Perpetuals DEX, Foundry, Solidity
Prize pool: 70,000 USDC

Submission Details
Severity: medium
Status: Invalid

Unchecked token transfer which may result in silent failure

Summary

The ERC-20 transferFrom function does not throw an error or revert the transaction if it fails; instead, it returns a boolean value indicating success or failure. If this return value is not checked, the calling function proceeds as if the transfer succeeded when it actually did not, a silent failure.

Vulnerability Details

If the transferFrom function fails silently, the subsequent logic in the contract may execute under the assumption that the transfer was successful. This can lead to inconsistencies in state and unexpected behavior in the application, as the contract may try to proceed with operations that depend on the successful transfer of tokens.

IERC20(swapPayload.tokenIn).transferFrom(msg.sender, address(this), swapPayload.amountIn);

This particular issue occurred multiple times in different functions inside the scope of this audit, and I carefully noted them here.

  • Files directory > src/utils/dex-adapters/
    1. UniswapV2Adapter.sol::executeSwapExactInput()
    2. UniswapV2Adapter.sol::executeSwapExactInputSingle()
    3. UniswapV3Adapter.sol::executeSwapExactInputSingle()
    4. UniswapV3Adapter.sol::executeSwapExactInput()
    5. CurveAdapter.sol::executeSwapExactInputSingle()
    6. CurveAdapter.sol::executeSwapExactInput()

Impact

Impact: Medium

Likelihood: High

Tools Used

Manual review + VS Code

Recommendations

bool success = IERC20(swapPayload.tokenIn).transferFrom(msg.sender, address(this), swapPayload.amountIn);
if (!success) revert Errors.TransferTokenFailed(); // Errors.TransferTokenFailed is a new custom error that must be added to the Errors library

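As an added illustration (not code from the Zaros repository or from the submitter), the snippet below puts the unchecked pull described above beside the recommended boolean check and beside OpenZeppelin's SafeERC20, which covers the additional edge case of tokens that return no boolean at all. The adapter contract, the false-returning mock token and the OpenZeppelin dependency are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Constructed mock token: transferFrom reports failure by returning false
/// instead of reverting, the exact behaviour the finding is concerned with.
contract FalseReturningToken {
    function transferFrom(address, address, uint256) external pure returns (bool) {
        return false; // nothing moved, but no revert either
    }
}

/// Hypothetical stand-in for the adapter's "pull tokenIn from the caller" step.
contract PullTokensExample {
    using SafeERC20 for IERC20;

    error TransferTokenFailed();

    /// Vulnerable pattern: the boolean is discarded, so with FalseReturningToken
    /// this call succeeds and the caller continues as if amountIn had arrived.
    function pullUnchecked(address tokenIn, uint256 amountIn) external {
        IERC20(tokenIn).transferFrom(msg.sender, address(this), amountIn);
    }

    /// The report's recommendation: check the boolean and revert on failure.
    /// With FalseReturningToken this call now reverts with TransferTokenFailed.
    function pullChecked(address tokenIn, uint256 amountIn) external {
        bool success = IERC20(tokenIn).transferFrom(msg.sender, address(this), amountIn);
        if (!success) revert TransferTokenFailed();
    }

    /// Alternative: SafeERC20 reverts when the token returns false, and also
    /// tolerates tokens whose transferFrom returns no value at all (USDT-style),
    /// which a plain IERC20 call rejects with an ABI-decoding revert.
    function pullSafe(address tokenIn, uint256 amountIn) external {
        IERC20(tokenIn).safeTransferFrom(msg.sender, address(this), amountIn);
    }
}
```

In a Foundry test, calling pullUnchecked with FalseReturningToken completes without a revert while the contract's balance stays zero; pullChecked and pullSafe both revert, which is the behaviour the recommendation aims for.
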
Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
