The return value of an external transfer call is not checked
Attack scenario
Several tokens do not revert in case of failure and return false
If the asset token, extracting from data, used in onFlashLoan function, not reverted or return false if the transfer fails, the token balance will stuck in the contract
Recommendation
Use SafeERC20, or ensure that the transfer return value is checked
Git branch: M01
Affected smart contract
https://github.com/Fujicracy/fuji-v2/blob/50fd0b74ccee1a73a459118e50e044a2bcfacd10/packages/protocol/src/flashloans/FlasherEuler.sol#L60
Description
The return value of an external transfer call is not checked
Attack scenario
Several tokens do not revert in case of failure and return false If the
asset
token, extracting fromdata
, used inonFlashLoan
function, not reverted or return false if the transfer fails, the token balance will stuck in the contractRecommendation
Use
SafeERC20
, or ensure that the transfer return value is checked