Snowman Merkle Airdrop

AI First Flight #10
Beginner Friendly, Foundry, Solidity, NFT
Submission Details
Impact: low
Likelihood: low
Invalid

Use safeTransfer

Description

Under normal behavior, the protocol should safely transfer collected WETH fees to the designated fee collector and revert if the transfer fails to ensure funds are not silently lost and accounting remains correct.

However, the contract uses a direct ERC20 transfer call to send WETH to the collector without checking the return value or using SafeERC20.safeTransfer. For non-standard ERC20 implementations that return false instead of reverting on failure, the transfer can silently fail while execution continues, causing the protocol to assume fees were successfully transferred when they were not.

```solidity
@> i_weth.transfer(s_collector, collection);
```

Risk

Likelihood:

  • This occurs whenever the token being transferred does not strictly follow the ERC20 specification and returns false instead of reverting.

  • The protocol assumes the transfer always succeeds and does not check the return value, so any silent failure will go unnoticed.

Impact:

  • WETH fees intended for the collector may never be received, resulting in stuck or lost funds.

  • Protocol accounting may incorrectly reflect that fees were collected, potentially leading to inconsistent balances or misreporting.

Proof of Concept

```solidity
i_weth.transfer(s_collector, collection);
```

Recommended Mitigation

```diff
- i_weth.transfer(s_collector, collection);
+ i_weth.safeTransfer(s_collector, collection);
```
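The following Foundry test is an added example, not the Snowman protocol's code, showing why the mitigation matters: a constructed token whose `transfer()` returns `false` instead of reverting is sent through an unchecked-transfer collector and a `SafeERC20`-based one, and only the second refuses to advance its accounting. Canonical WETH9 reverts on insufficient balance and returns `true`, so the mock stands in for the non-standard token class the finding describes. Import paths are OpenZeppelin's and forge-std's; the contract, function and variable names are hypothetical and chosen to mirror the finding's `i_weth` / `s_collector` naming. Note that the one-line diff above also needs `using SafeERC20 for IERC20;` in the contract for `safeTransfer` to resolve.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the Snowman protocol's code. Import paths are OpenZeppelin's
// and forge-std's; the contract and test names below are hypothetical.
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {Test} from "forge-std/Test.sol";

/// Constructed token that mimics the non-standard behaviour the finding describes:
/// transfer() returns false on insufficient balance instead of reverting.
contract FalseReturningToken {
    mapping(address => uint256) public balanceOf;

    function mint(address to, uint256 amount) external {
        balanceOf[to] += amount;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        if (balanceOf[msg.sender] < amount) return false; // silent failure, no revert
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

/// Vulnerable shape: the boolean result is dropped, so accounting advances
/// even when no tokens moved.
contract UncheckedFeeCollector {
    IERC20 public immutable i_weth;
    address public s_collector;
    uint256 public s_totalCollected;

    constructor(IERC20 weth, address collector) {
        i_weth = weth;
        s_collector = collector;
    }

    function collectFees(uint256 collection) external {
        i_weth.transfer(s_collector, collection); // return value ignored
        s_totalCollected += collection;           // recorded as collected regardless
    }
}

/// Hardened shape: SafeERC20.safeTransfer reverts if the token reverts or returns
/// false (it still accepts tokens that return no data, such as USDT), so the
/// accounting line below only runs when the transfer actually succeeded.
contract SafeFeeCollector {
    using SafeERC20 for IERC20;

    IERC20 public immutable i_weth;
    address public s_collector;
    uint256 public s_totalCollected;

    constructor(IERC20 weth, address collector) {
        i_weth = weth;
        s_collector = collector;
    }

    function collectFees(uint256 collection) external {
        i_weth.safeTransfer(s_collector, collection); // reverts on false or revert
        s_totalCollected += collection;
    }
}

/// Foundry test contrasting the two shapes against the constructed token.
contract FeeCollectorTest is Test {
    address constant COLLECTOR = address(0xBEEF);

    function test_uncheckedTransferLiesAboutCollection() public {
        FalseReturningToken token = new FalseReturningToken();
        UncheckedFeeCollector c = new UncheckedFeeCollector(IERC20(address(token)), COLLECTOR);

        c.collectFees(1 ether); // contract holds no tokens, so transfer returns false

        assertEq(token.balanceOf(COLLECTOR), 0); // nothing arrived
        assertEq(c.s_totalCollected(), 1 ether); // yet accounting says it did
    }

    function test_safeTransferRevertsOnSilentFailure() public {
        FalseReturningToken token = new FalseReturningToken();
        SafeFeeCollector c = new SafeFeeCollector(IERC20(address(token)), COLLECTOR);

        vm.expectRevert();
        c.collectFees(1 ether);

        assertEq(c.s_totalCollected(), 0); // state untouched after the revert
    }
}
```

Run it with `forge test --match-contract FeeCollectorTest -vv`. The first test passes precisely because the unchecked collector is wrong: its `s_totalCollected` reports 1 ether while the collector address holds nothing. Swapping in `safeTransfer` turns that silent divergence into a revert, which is the behaviour the Description section asks for.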
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge 12 days ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
