Token transfers assume reverting behavior but don’t handle false returns from non-compliant ERC20 tokens.
Location: createGameWithToken() and joinGameWithToken()
Issue:
transferFrom() calls lack return value checks
Could silently fail with tokens like USDT
High: Players might lose tokens without game registration
Contract state could desync from actual token balances
Manual review
Use SafeERC20 library from OpenZeppelin
Explicitly check transferFrom return values
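The SafeERC20 recommendation applied to the two affected entry points, as an added sketch rather than the audited contract's code: only the function names createGameWithToken() and joinGameWithToken() come from the finding, while the contract name, storage layout, parameters and custom errors are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical, reduced game contract: only the two function names come from
// the finding; storage layout, parameters and errors are assumptions.
contract TokenGameSketch {
    using SafeERC20 for IERC20;

    struct Game { address creator; address joiner; uint256 stake; }

    IERC20 public immutable token;
    uint256 public nextGameId;
    mapping(uint256 => Game) public games;

    error ZeroStake();
    error GameNotJoinable();

    constructor(IERC20 token_) { token = token_; }

    // Unchecked form described in the finding, kept as a comment for contrast:
    //   token.transferFrom(msg.sender, address(this), stake);
    // A token that returns false instead of reverting leaves the game
    // registered with no tokens actually received.

    function createGameWithToken(uint256 stake) external returns (uint256 gameId) {
        if (stake == 0) revert ZeroStake();
        gameId = nextGameId++;
        games[gameId] = Game({creator: msg.sender, joiner: address(0), stake: stake});
        // safeTransferFrom reverts on a false return and also accepts tokens
        // that return no data, so state and balances cannot diverge.
        token.safeTransferFrom(msg.sender, address(this), stake);
    }

    function joinGameWithToken(uint256 gameId) external {
        Game storage g = games[gameId];
        if (g.creator == address(0) || g.joiner != address(0)) revert GameNotJoinable();
        g.joiner = msg.sender;
        token.safeTransferFrom(msg.sender, address(this), g.stake);
    }
}
```

Because a failed transfer reverts the whole transaction, the game record written just before it is rolled back as well.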