Fujicracy / fuji-v2

Cross-chain money market aggregator
https://fuji-v2-frontend.vercel.app

Unchecked transfer on `BaseRouter.sol` #302

Closed rotcivegaf closed 1 year ago

rotcivegaf commented 1 year ago

Git branch: M02

Affected smart contract

https://github.com/Fujicracy/fuji-v2/blob/1b939ec84af137db430fc2aa1b4c6f15e5254003/packages/protocol/src/abstracts/BaseRouter.sol#L106

Description

The return value of an external transfer call is not checked.

Attack scenario

Several tokens do not revert in case of failure and return false. If the token used in the `sweepToken` function does not revert, or returns false, when the transfer fails, it will produce a falsely confirmed transaction, where the transaction is confirmed but the funds could not be transferred.

Recommendation

Use SafeERC20, or ensure that the transfer return value is checked.
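
The failure mode and the recommended check from the issue above, as an added example that is not part of the original issue or of the fuji-v2 code base. `FalseOnFailToken`, `SweepExample` and their functions are hypothetical names, and `sweepChecked` performs by hand the kind of return-value check that SafeERC20's `safeTransfer` makes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Constructed token: signals failure by returning false instead of reverting.
contract FalseOnFailToken is IERC20 {
    mapping(address => uint256) public override balanceOf;
    mapping(address => bool) public blocked; // constructed failure condition

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }
    function setBlocked(address who, bool value) external { blocked[who] = value; }

    function transfer(address to, uint256 amount) external override returns (bool) {
        if (blocked[to] || balanceOf[msg.sender] < amount) return false;
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Hypothetical router-like contract; this is not the code of BaseRouter.sol.
contract SweepExample {
    error TransferFailed();

    // Unchecked: the transaction confirms even when transfer() returned false,
    // so the tokens stay in this contract while the caller sees success.
    function sweepUnchecked(IERC20 token, address receiver) external {
        token.transfer(receiver, token.balanceOf(address(this)));
    }

    // Checked: a low-level call lets tokens that return no data pass, while a
    // reverted call, a `false` return value or a non-contract address reverts.
    function sweepChecked(IERC20 token, address receiver) external {
        uint256 amount = token.balanceOf(address(this));
        (bool ok, bytes memory data) = address(token).call(
            abi.encodeWithSelector(IERC20.transfer.selector, receiver, amount)
        );
        if (!ok) revert TransferFailed();
        bool failed = data.length == 0 ? address(token).code.length == 0 : !abi.decode(data, (bool));
        if (failed) revert TransferFailed();
    }
}
```

With the receiver marked as blocked on the constructed token, `sweepUnchecked` succeeds and leaves the balance in place, while `sweepChecked` reverts with `TransferFailed`.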

0xdcota commented 1 year ago

This issue was addressed in the following commit