Description

The function collectFee() transfers WETH tokens to the collector using .transfer(). However, transfer does not handle all ERC20 token implementations safely, which may lead to unexpected failures when interacting with certain tokens that implement non-standard behavior.

Risk

Likelihood:

• Occurs whenever the contract attempts to send tokens using transfer().

Impact:

• Potential of transaction silently fails.

• Interruption of fee collection, preventing proper execution.

Proof of Concept

• When collectFee() is called, it attempts to transfer WETH tokens.

• If the collector’s balance does not increase despite the transfer executing, it indicates the potential failure of .transfer().

• Replacing it with .safeTransfer() ensures correct token transfer handling, mitigating these risks.

Recommended Mitigation

Replace .transfer() with .safeTransfer() from OpenZeppelin’s SafeERC20 library, ensuring proper handling of token transfers, even for non-standard implementations:

This prevents issues related to unexpected token behaviors, improving compatibility and reliability.