recoverTokens is the owner's emergency function to retrieve tokens stuck in the contract. The ERC20 transfer return value is not checked.
Some ERC20 tokens do not revert on a failed transfer but return false instead. Because the function discards the return value, it treats every call as successful, so a failed transfer goes unnoticed. Note that USDT, often cited in this context, is a different case: its transfer returns no value at all, and a call made through the standard IERC20 interface (which declares a bool return) reverts on the missing return data. For USDT-like tokens an unchecked call therefore fails loudly rather than silently; both classes of token are handled by the fix below.
Likelihood:
Tokens that return false rather than reverting (ZRX is a well-known example) report an insufficient balance or other failure only through the bool: a call with insufficient balance returns false without any revert, and with the value discarded nothing signals the failure. USDT, BNB and OMG, by contrast, return no value at all; through the IERC20 interface the unchecked call reverts on the short return data, which blocks recovery outright instead of failing silently
The function is called precisely in emergency scenarios where the token state may be irregular
Impact:
The owner believes tokens were recovered when they were not — emergency recovery silently fails
In an active exploit scenario, this delays the owner's ability to move the remaining funds to safety, since the failure is only discovered by inspecting balances after the call
Use OpenZeppelin's SafeERC20.safeTransfer(), which performs the transfer via a low-level call and reverts if the call itself fails or if it returns false; an empty return value is accepted as success. This covers reverting tokens, false-returning tokens, and tokens with no return value (USDT, BNB, OMG) uniformly, and the owner's emergency path can no longer report success without the tokens actually moving.
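The following is an added example, not code from the audited project: a vulnerable recoverTokens with the unchecked transfer next to its SafeERC20 form, plus two constructed mock tokens (one that returns false on failure, one USDT-style with no return value) and a Foundry test showing how each vault behaves. The contract names VaultUnchecked, VaultSafe, FalseReturningToken and NoReturnToken are hypothetical; it assumes OpenZeppelin Contracts v5 and forge-std are available on the import path.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {Test} from "forge-std/Test.sol";

// Constructed mock: transfer() returns false on insufficient balance instead of reverting.
contract FalseReturningToken {
    mapping(address => uint256) public balanceOf;

    constructor(address holder, uint256 amount) { balanceOf[holder] = amount; }

    function transfer(address to, uint256 amount) external returns (bool) {
        if (balanceOf[msg.sender] < amount) return false; // no revert, just false
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Constructed mock of a USDT-style token: transfer() has no return value at all.
contract NoReturnToken {
    mapping(address => uint256) public balanceOf;

    constructor(address holder, uint256 amount) { balanceOf[holder] = amount; }

    function transfer(address to, uint256 amount) external {
        require(balanceOf[msg.sender] >= amount, "insufficient");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
    }
}

// Vulnerable pattern from the finding: the bool returned by transfer() is discarded.
contract VaultUnchecked {
    address public immutable owner;

    constructor() { owner = msg.sender; }

    function recoverTokens(address token, address to, uint256 amount) external {
        require(msg.sender == owner, "not owner");
        // Bug: a false return is ignored, so the owner sees a successful tx with no tokens moved.
        // For a no-return token this line reverts instead (ABI decoder expects 32 bytes).
        IERC20(token).transfer(to, amount);
    }
}

// Fixed form: safeTransfer reverts on a failed call or a false return,
// and accepts an empty return value as success.
contract VaultSafe {
    using SafeERC20 for IERC20;

    address public immutable owner;

    constructor() { owner = msg.sender; }

    function recoverTokens(address token, address to, uint256 amount) external {
        require(msg.sender == owner, "not owner");
        IERC20(token).safeTransfer(to, amount);
    }
}

// Foundry test: the test contract deploys the vaults and is therefore their owner.
contract RecoverTokensTest is Test {
    function test_uncheckedSilentlyFails() public {
        VaultUnchecked vault = new VaultUnchecked();
        FalseReturningToken t = new FalseReturningToken(address(vault), 100e18);
        // Recovering more than the vault holds "succeeds" but moves nothing.
        vault.recoverTokens(address(t), address(this), 200e18);
        assertEq(t.balanceOf(address(this)), 0);
        assertEq(t.balanceOf(address(vault)), 100e18);
    }

    function test_safeRevertsOnFalse() public {
        VaultSafe vault = new VaultSafe();
        FalseReturningToken t = new FalseReturningToken(address(vault), 100e18);
        vm.expectRevert(); // SafeERC20FailedOperation
        vault.recoverTokens(address(t), address(this), 200e18);
    }

    function test_safeHandlesNoReturnToken() public {
        VaultSafe vault = new VaultSafe();
        NoReturnToken t = new NoReturnToken(address(vault), 100e18);
        vault.recoverTokens(address(t), address(this), 100e18);
        assertEq(t.balanceOf(address(this)), 100e18);
    }

    function test_uncheckedRevertsOnNoReturnToken() public {
        VaultUnchecked vault = new VaultUnchecked();
        NoReturnToken t = new NoReturnToken(address(vault), 100e18);
        vm.expectRevert(); // short return data fails ABI decoding
        vault.recoverTokens(address(t), address(this), 100e18);
    }
}
```

Running `forge test` on this file shows the two failure modes side by side: against the false-returning token the unchecked vault emits a successful transaction with no balance change, while against the no-return token it cannot recover anything at all. VaultSafe reverts in the first case and succeeds in the second, which is the behaviour the owner needs from an emergency path.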