The return value of an external transfer call is not checked
Attack scenario
Several tokens do not revert on failure and instead return false.
If the asset/asset_ token used in the xReceive function does not revert and instead returns false when the transfer fails, the token balance will be stuck in the contract and could be taken on the next xReceive function call for another address.
Recommendation
Use SafeERC20, or ensure that the transfer return value is checked.
Affected smart contract
https://github.com/Fujicracy/fuji-v2/blob/50fd0b74ccee1a73a459118e50e044a2bcfacd10/packages/protocol/src/routers/ConnextRouter.sol#L171