ERC20 `transfer` Return Value Is Not Checked in `Stratax::recoverTokens`
ERC20 transfer Return Value Is Not Checked in Stratax::recoverTokens
Description:
The function calls IERC20(_token).transfer(...) without verifying whether the token transfer succeeded:
Some ERC20 tokens return false on failure rather than reverting. Ignoring the return value can make the call appear successful while no tokens are actually transferred.
Impact:
Medium. In emergency recovery flows, a silent failure can cause tokens to remain stuck and complicate incident response and operations.
Recommended Mitigation:
At minimum, check the boolean return value (note: this still won’t handle tokens that don’t return a bool):
Lead Judging Commences
WEIRD ERC20 Tokens
Currently there is no support for weird ERC20 tokens i.e. FOT tokens, missing return values, reentrancy etc.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.