The use of transferFrom in the UniswapV2Adapter, UniswapV3Adapter, and CurveAdapter contracts introduces several risks. The return value of the call is not checked, so a transfer failure can go undetected: some tokens signal failure by returning false instead of reverting, and tokens such as USDT return no value at all, which makes a call through a standard IERC20 interface (one that declares a bool return) revert while decoding the empty return data. A non-standard or malicious token may also return true without actually moving the funds, potentially leading to fund loss or unexpected behavior. Additionally, transferFrom relies on sufficient approval from the sender, and some tokens mismanage allowance updates, which can result in unauthorized transfers or in less being transferred than the adapter assumes.
src/utils/dex-adapters/CurveAdapter.sol:executeSwapExactInputSingle#L80
src/utils/dex-adapters/CurveAdapter.sol:executeSwapExactInput#L106
src/utils/dex-adapters/UniswapV2Adapter.sol:executeSwapExactInputSingle#L80
src/utils/dex-adapters/UniswapV2Adapter.sol:executeSwapExactInput#L110
src/utils/dex-adapters/UniswapV3Adapter.sol:executeSwapExactInputSingle#L86
src/utils/dex-adapters/UniswapV3Adapter.sol:executeSwapExactInput#L117
In the UniswapV2Adapter, UniswapV3Adapter, and CurveAdapter contracts, transferFrom is called directly and its return value is discarded. This exposes the system to the different ways tokens behave on failure. Some tokens return false instead of reverting; with the return value ignored, the transfer fails while the transaction continues executing, and the swap logic proceeds as if the input amount had arrived, which makes the failure hard to detect. Tokens such as USDT return no value at all; when they are called through an interface that declares a bool return, the call reverts during return-data decoding, so the adapter cannot be used with such tokens. Some tokens also update allowances incorrectly or fail without reverting, which leaves room for a malicious token to return true without actually transferring the funds.
Additionally, transferFrom requires sufficient approval from the sender, and some tokens reduce allowances incorrectly or do not handle insufficient approval properly.
Unnoticed Transfer Failures: Direct use of transferFrom without checking its return value does not capture transfer failures, leading to inconsistent state changes and potential loss of assets.
Vulnerabilities from Non-standard ERC20 Tokens: Non-standard tokens can falsely signal success while failing to execute the transfer, potentially siphoning funds or causing unexpected behavior; tokens that return no value cannot be used through a bool-returning interface at all.
Allowance Issues: Mismanagement of allowances may result in unauthorized transfers or in less than the expected amount being transferred.
Manual Code Review
It is recommended to replace transferFrom with safeTransferFrom from OpenZeppelin's SafeERC20 library (using SafeERC20 for IERC20). safeTransferFrom reverts if the low-level call fails, if the token returns false, or if the token returns no data and has no code at its address, so both false-returning and no-return (USDT-style) tokens are handled correctly. Note that SafeERC20 does not verify balances; where the amount actually received matters (for example with fee-on-transfer tokens), compare the adapter's balance before and after the call instead of trusting the requested amount.
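The following is an added example, not code from the audited project or from the auditor. It contrasts the unchecked pattern described above with the check that SafeERC20.safeTransferFrom performs, written out inline so the file compiles without an external import. The two token contracts are constructed mocks (one returns false on failure, one reverts but returns nothing, like USDT); the adapter contracts and the `pull` function are hypothetical stand-ins for the adapters' input transfer, not the project's real code.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Standard ERC20 surface the adapters are assumed to call through.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Constructed mock: signals failure by returning false instead of reverting.
contract ReturnsFalseToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        if (balanceOf[from] < amount || allowance[from][msg.sender] < amount) return false;
        balanceOf[from] -= amount;
        allowance[from][msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Constructed mock of the USDT pattern: reverts on failure but returns nothing.
contract NoReturnToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }

    function approve(address spender, uint256 amount) external {
        allowance[msg.sender][spender] = amount;
    }

    function transferFrom(address from, address to, uint256 amount) external {
        require(balanceOf[from] >= amount && allowance[from][msg.sender] >= amount, "insufficient");
        balanceOf[from] -= amount;
        allowance[from][msg.sender] -= amount;
        balanceOf[to] += amount;
    }
}

// Before: the pattern flagged in the finding. The returned bool is discarded,
// so a `false` from ReturnsFalseToken is ignored and execution continues with
// nothing pulled in. With NoReturnToken the call reverts while decoding the
// empty return data, so this adapter cannot be used with that token at all.
contract UncheckedAdapter {
    uint256 public pulled;

    function pull(IERC20 token, uint256 amount) external {
        token.transferFrom(msg.sender, address(this), amount);
        pulled += amount; // swap logic would continue here as if `amount` had arrived
    }
}

// After: the check that SafeERC20.safeTransferFrom performs, written out inline
// so this file needs no external import. Production code should simply use
// OpenZeppelin's `using SafeERC20 for IERC20; token.safeTransferFrom(...)`.
contract CheckedAdapter {
    uint256 public pulled;

    error TransferFromFailed(address token);

    function pull(IERC20 token, uint256 amount) external {
        (bool ok, bytes memory data) = address(token).call(
            abi.encodeCall(IERC20.transferFrom, (msg.sender, address(this), amount))
        );
        if (!ok) revert TransferFromFailed(address(token));
        if (data.length == 0) {
            // No return value (USDT style) is accepted only if code exists at the
            // address; a call to an EOA also "succeeds" with empty return data.
            if (address(token).code.length == 0) revert TransferFromFailed(address(token));
        } else if (!abi.decode(data, (bool))) {
            revert TransferFromFailed(address(token));
        }
        pulled += amount;
    }
}
```

To reproduce the two failure modes: deploy ReturnsFalseToken, approve both adapters for 100 without minting any balance, and call `pull(token, 100)`. UncheckedAdapter records `pulled == 100` although no tokens moved, while CheckedAdapter reverts with TransferFromFailed. Then deploy NoReturnToken, mint and approve 100, and call `pull` again: UncheckedAdapter reverts on return-data decoding, while CheckedAdapter succeeds because it accepts empty return data from an address that has code.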