Rock Paper Scissors

First Flight #38
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: low
Invalid

In RockPaperScissors.sol, the function `winningToken.transferFrom(msg.sender, address(this), 1);` is called without checking the return value. This can lead to unexpected behavior if the transfer fails.

Description: In RockPaperScissors.sol, the line `winningToken.transferFrom(msg.sender, address(this), 1);` is used to move a token from the player to the contract. However, it doesn’t check if the transfer was successful. This is risky because if the transfer fails and the code doesn’t notice, the rest of the contract might keep running as if everything is fine, which can lead to bugs or unexpected behavior.

Impact: If the transfer fails and the contract doesn't catch it, a player might enter the game without actually paying, or the contract may behave as if it received the token when it didn't.

Tools Used: Slither, VS Code

Recommendations: It is recommended to use OpenZeppelin's SafeERC20 library.

Updates

Appeal created

m3dython Lead Judge about 2 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Missing Check on External Call Return Value

ERC20 implementation typically reverts on transfer failures
