Fujicracy / fuji-v2

Cross-chain money market aggregator
https://fuji-v2-frontend.vercel.app

Unchecked transfer on `FlasherEuler.sol` #303

Closed rotcivegaf closed 1 year ago

rotcivegaf commented 1 year ago

Git branch: M01

Affected smart contract

https://github.com/Fujicracy/fuji-v2/blob/50fd0b74ccee1a73a459118e50e044a2bcfacd10/packages/protocol/src/flashloans/FlasherEuler.sol#L60

Description

The return value of an external transfer call is not checked

Attack scenario

Several tokens do not revert in case of failure and return false. If the asset token, extracted from `data` and used in the `onFlashLoan` function, does not revert or returns false when the transfer fails, the token balance will be stuck in the contract.

Recommendation

Use SafeERC20, or ensure that the transfer return value is checked

0xdcota commented 1 year ago

This issue is addressed in pull request #553.