Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Invalid

`SafeERC20` should be utilized in the `Treasury.sol`.

Summary

The treasury manages protocol treasury funds with role-based access control. However, SafeERC20 is not utilized in `Treasury.sol`. As a result, the treasury will not work well with some weird tokens.

Vulnerability Details

The treasury manages protocol treasury funds with role-based access control. However, SafeERC20 is not utilized in `Treasury.sol`.

https://github.com/Cyfrin/2025-02-raac/blob/main/contracts/core/collectors/Treasury.sol#L50

```solidity
@> IERC20(token).transferFrom(msg.sender, address(this), amount);
```

https://github.com/Cyfrin/2025-02-raac/blob/main/contracts/core/collectors/Treasury.sol#L75

```solidity
@> IERC20(token).transfer(recipient, amount);
```

As a result, the treasury will not work well with some weird tokens.
This can have several impacts: the treasury cannot work with USDT on Ethereum, or it causes a loss of funds when the token is a no-revert-on-failure token.

Impact

The treasury will not work well with some weird tokens. In the worst case, this can cause a critical loss of funds (when the token is a no-revert-on-failure token).

Recommendations

SafeERC20 should be utilized in `Treasury.sol`.
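
The difference the recommendation makes, as an added sketch that is not part of the original submission and is not RAAC's Treasury code. The contract names, function names and the `recorded` mapping are hypothetical; only the `transfer` / `transferFrom` calls mirror the two lines quoted above. It assumes OpenZeppelin Contracts is installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Constructed token: every transfer fails, signalled by `false` rather than a revert.
contract AlwaysFalseToken {
    function transfer(address, uint256) external pure returns (bool) { return false; }
    function transferFrom(address, address, uint256) external pure returns (bool) { return false; }
}

// Hypothetical sketch: access control and events omitted, accounting is an assumption.
contract TreasurySketch {
    using SafeERC20 for IERC20;
    mapping(address => uint256) public recorded; // assumed per-token bookkeeping

    // Pattern quoted in the finding: the bool return is discarded, so with
    // AlwaysFalseToken this succeeds and `recorded` grows although nothing arrived.
    function depositUnchecked(address token, uint256 amount) external {
        IERC20(token).transferFrom(msg.sender, address(this), amount);
        recorded[token] += amount;
    }

    // SafeERC20 reverts on a `false` return and accepts tokens that return no data
    // (USDT-style), which a plain IERC20 call rejects when decoding the missing bool.
    function depositSafe(address token, uint256 amount) external {
        IERC20(token).safeTransferFrom(msg.sender, address(this), amount);
        recorded[token] += amount;
    }

    // Same problem on the way out: bookkeeping is reduced, recipient may get nothing.
    function withdrawUnchecked(address token, uint256 amount, address recipient) external {
        recorded[token] -= amount;
        IERC20(token).transfer(recipient, amount);
    }

    function withdrawSafe(address token, uint256 amount, address recipient) external {
        recorded[token] -= amount;
        IERC20(token).safeTransfer(recipient, amount);
    }
}
```

In a Hardhat test, calling `depositUnchecked` with `AlwaysFalseToken` completes and leaves `recorded` out of step with the real balance, while `depositSafe` with the same token reverts.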

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

[INVALID] SafeERC20 not used

LightChaser Low-60
