Closed cvetanovv closed 1 year ago
Certain ERC-20 tokens do not support zero-value token transfers and revert. As ERC20 can be an arbitrary token, in the case when such token doesn't allow for zero amount transfers. This may break systems.
FlasherEuler.sol
57: _requestorExecution(asset, amount, 0, requestor, requestorCalldata); 60: IERC20(asset).transfer(msg.sender, amount);
BaseRouter.sol
107: token.transfer(receiver, balance) 322: ERC20(token).safeTransferFrom(sender, address(this), amount);
BaseVault.sol
551: SafeERC20.safeTransferFrom(IERC20(asset()), caller, address(this), assets); 582: SafeERC20.safeTransfer(IERC20(asset()), receiver, assets);
BorrowingVault.sol
449: SafeERC20.safeTransfer(IERC20(asset), receiver, assets);
Add a check for zero-value token transfers.
Summary
Certain ERC-20 tokens do not support zero-value token transfers and revert. As ERC20 can be an arbitrary token, in the case when such token doesn't allow for zero amount transfers. This may break systems.
Proof of Concept
FlasherEuler.sol
BaseRouter.sol
BaseVault.sol
BorrowingVault.sol
Recommendation
Add a check for zero-value token transfers.