Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Treasury will not work with certain tokens

OpaBatyo

Summary

The treasury will not work with some tokens due to not implementing the SafeERC20 library meanwhile it is supposed to support multiple token types.

Vulnerability Details

The Treasury contract does not use the SafeERC20 library:

function deposit(address token, uint256 amount) external override nonReentrant {
if (token == address(0)) revert InvalidAddress();
if (amount == 0) revert InvalidAmount();
@> IERC20(token).transferFrom(msg.sender, address(this), amount);
_balances[token] += amount;
_totalValue += amount;
emit Deposited(token, amount);
}

This is an issue since the Treasury is supposed to accept multiple token types based on the _balances[token] mapping. Some quite popular tokens like USDT, BNB and others will not be able to be deposited into the treasury which could be problematic for the protocol depending on what they intend to support in the treasury.

Impact

Some popular tokens will not be compatible with deposits inside the Treasury contract.

Tools Used

Manual Review

Recommendations

Use OZ's SafeERC20 library.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

[INVALID] SafeERC20 not used

LightChaser Low-60

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!