Part 2

Zaros
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: low
Invalid

Implement Balance Checks Before Token Transfers in DEX Adapters

Summary

The CurveAdapter, UniswapV2Adapter, and UniswapV3Adapter contracts currently lack balance checks prior to executing transferFrom calls. This oversight can lead to failed transactions, financial losses, and a degraded user experience. Implementing balance checks is essential to ensure that sufficient tokens are available for transfer before executing swaps.

Vulnerability Details

  1. Lack of Balance Checks:

    • The contracts do not verify whether they have sufficient token balances before executing transferFrom. This can result in:

      • Failed Transfers: If the contract does not have enough tokens, the transfer will revert, leading to incomplete transactions.

      • User Frustration: Users may encounter unexpected errors without clear feedback on what went wrong.

  2. Assumption of Successful Transfers:

    • Relying on the assumption that transfers will always succeed can lead to a false sense of security. If a transfer fails without proper handling, it can result in inconsistencies in token balances and overall contract state.

Impact

  1. Transaction Failures: Users may face failed transactions due to insufficient token balances, leading to frustration and loss of trust in the protocol.

  2. Financial Losses: If users attempt to swap tokens without adequate balances, they could inadvertently lose funds or face penalties due to transaction failures.

  3. Operational Inefficiency: The lack of checks can lead to increased gas costs for users as failed transactions consume gas without achieving any results.

Tools Used

Manual review

Recommendations

Ensure that each call to transferFrom checks for success:

// Pull the input tokens from the caller and revert if the token reports failure
bool success = IERC20(swapPayload.tokenIn).transferFrom(msg.sender, address(this), swapPayload.amountIn);
require(success, "Token transfer failed");
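The following is an added example, not code from the submission or from the Zaros code base. It combines the balance check named in the title with the return-value check recommended above, and goes one step further by accepting tokens whose transferFrom returns no data, which would revert during return-value decoding under the `bool success = ...` pattern. The names IERC20Minimal, PullHelper, pullTokens and the custom errors are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal interface, declared here so the example is self-contained.
interface IERC20Minimal {
    function balanceOf(address account) external view returns (uint256);
    function allowance(address owner, address spender) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical helper library; an adapter would call PullHelper.pullTokens(...)
// in place of a bare transferFrom.
library PullHelper {
    error InsufficientBalance(uint256 available, uint256 required);
    error InsufficientAllowance(uint256 available, uint256 required);
    error TransferFromFailed();
    error ShortReceipt(uint256 received, uint256 expected);

    /// Pulls `amount` of `token` from `from` into the calling contract.
    function pullTokens(address token, address from, uint256 amount) internal {
        IERC20Minimal t = IERC20Minimal(token);

        // Pre-checks: fail early with a descriptive error instead of the token's own revert.
        uint256 bal = t.balanceOf(from);
        if (bal < amount) revert InsufficientBalance(bal, amount);
        uint256 allowed = t.allowance(from, address(this));
        if (allowed < amount) revert InsufficientAllowance(allowed, amount);

        uint256 balanceBefore = t.balanceOf(address(this));

        // Low-level call so that a token returning no data does not break ABI decoding.
        (bool ok, bytes memory ret) = token.call(
            abi.encodeCall(IERC20Minimal.transferFrom, (from, address(this), amount))
        );
        // Success: the call did not revert, and it either returned true or returned
        // nothing from an address that actually holds contract code.
        bool failed = !ok || (ret.length == 0 ? token.code.length == 0 : !abi.decode(ret, (bool)));
        if (failed) revert TransferFromFailed();

        // Post-check: confirm the full amount arrived. This deliberately rejects
        // fee-on-transfer tokens; relax it if such tokens must be supported.
        uint256 received = t.balanceOf(address(this)) - balanceBefore;
        if (received != amount) revert ShortReceipt(received, amount);
    }
}
```

OpenZeppelin's SafeERC20.safeTransferFrom performs the same return-data handling and is the usual choice when that dependency is already in the project.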

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
