The joinGameWithToken() function calls transferFrom() on an ERC-20 token but does not check the return value. This could result in the game logic continuing even if the token transfer fails, leading to potential abuse or an incorrect game state.
Function: joinGameWithToken(uint256 _gameId) external
Vulnerable code
The ERC-20 standard specifies that transferFrom() should return a bool indicating success. Failing to check this return value assumes the transfer always succeeds. If a non-compliant or malicious token returns false, the function will continue executing and allow the player to join without actually transferring the required token.
Inconsistent state: The game assumes it holds a token it never received.
Potential abuse: Attackers could use a fake or faulty ERC-20 to join games for free.
Game logic bypass: Players can join a token-based game without contributing the required token.
Manual review
Check the return value of transferFrom():
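As an added illustration (not code from the submission or the audited project; the contract layout and every name other than joinGameWithToken() and transferFrom() are assumptions), the unchecked pattern beside two corrected forms, including the SafeERC20 variant that also copes with tokens that return no value at all:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Minimal game contract constructed for this example; the Game struct and
// the *Unchecked / *Checked function names are assumptions.
contract TokenGame {
    using SafeERC20 for IERC20;

    struct Game {
        IERC20 token;      // entry token for this game
        uint256 entryFee;  // amount each player must transfer in
        address[] players;
    }

    mapping(uint256 => Game) public games;

    // Vulnerable pattern: the bool from transferFrom() is ignored, so a token
    // that returns false lets the caller join without the fee ever arriving.
    function joinGameWithTokenUnchecked(uint256 _gameId) external {
        Game storage g = games[_gameId];
        g.token.transferFrom(msg.sender, address(this), g.entryFee);
        g.players.push(msg.sender);
    }

    // Fix 1: check the bool the ERC-20 standard says transferFrom() returns.
    // Note that a token returning no data at all makes the IERC20 call itself
    // revert (ABI decoding fails), so such tokens become unusable here.
    function joinGameWithTokenChecked(uint256 _gameId) external {
        Game storage g = games[_gameId];
        bool ok = g.token.transferFrom(msg.sender, address(this), g.entryFee);
        require(ok, "token transfer failed");
        g.players.push(msg.sender);
    }

    // Fix 2: SafeERC20.safeTransferFrom() reverts when the token returns false
    // and also accepts tokens that return nothing, as long as the call succeeds.
    function joinGameWithToken(uint256 _gameId) external {
        Game storage g = games[_gameId];
        g.token.safeTransferFrom(msg.sender, address(this), g.entryFee);
        g.players.push(msg.sender);
    }
}
```

Neither fix protects against fee-on-transfer tokens; if those are in scope, compare the contract's balance before and after the transfer instead of trusting entryFee.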
ERC20 implementation typically reverts on transfer failures