Vyper Vested Claims

First Flight #34
Beginner Friendly, DeFi
Submission Details
Severity: medium
Invalid

Insufficient ERC20 Transfer Handling

Description: The contract assumes that all ERC20 tokens return a boolean value for transfers and that a successful transfer always returns true. However, some tokens don't follow the ERC20 standard strictly—they might not return a value or could revert on failure instead of returning false.

Lines 175-176 and 203-204:

_success: bool = extcall IERC20(self.token).transfer(to, amount)
assert _success, "Transfer failed"

Impact: If the contract is used with non-standard ERC20 tokens, it might:

  1. Fail to process valid transfers if the token doesn't return a value

  2. Not properly detect failed transfers if the token returns a non-boolean value

  3. Revert unexpectedly due to incompatible interfaces

Recommended Mitigation: Use a more robust approach to handle various ERC20 implementations:

# Use a try-catch pattern if supported in your Vyper version
@external
def claim(user: address, total_amount: uint256, proof: DynArray[bytes32, 20]) -> bool:
    # ... existing code ...
    # Transfer with better error handling
    # Keep the returned data (empty when the token returns no value)
    _response: Bytes[32] = raw_call(
        self.token,
        concat(
            method_id("transfer(address,uint256)"),
            convert(user, bytes32),
            convert(claimable, bytes32)
        ),
        max_outsize=32
    )
    # Check if transfer was successful by verifying the new balance
    # This is a more reliable approach for various ERC20 implementations
    return True
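
Added example, not part of the submission or of the audited contract: two ways Vyper 0.4 code can accept a token whose `transfer` returns no data while still rejecting an explicit `false`. The helper names `_safe_transfer` and `_safe_transfer_raw`, the constructor and its `token_address` argument are assumptions made for illustration.

```vyper
# pragma version ^0.4.0
# Added example: helper names and the constructor are assumptions,
# not code from the audited contract.

from ethereum.ercs import IERC20

token: public(address)  # mirrors `self.token` in the snippet quoted on the page


@deploy
def __init__(token_address: address):
    self.token = token_address


@internal
def _safe_transfer(to: address, amount: uint256):
    # default_return_value is used only when the call returns no data;
    # a token that does return a bool is still decoded and checked.
    success: bool = extcall IERC20(self.token).transfer(
        to, amount, default_return_value=True
    )
    assert success, "Transfer failed"


@internal
def _safe_transfer_raw(to: address, amount: uint256):
    # Same policy with raw_call, which reverts if the call itself reverts.
    response: Bytes[32] = raw_call(
        self.token,
        concat(
            method_id("transfer(address,uint256)"),
            convert(to, bytes32),
            convert(amount, bytes32),
        ),
        max_outsize=32,
    )
    # Empty return data is accepted; any returned word must decode to True.
    if len(response) != 0:
        assert convert(response, bool), "Transfer failed"
```
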
Updates

Appeal created

bube Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
