ERC-20 token transfers are possible by calling the transfer function on the ERC-20 token contracts.
This function returns a boolean which indicates whether the transfer was successful or not.
Currently, vouchers do not check the return value of function calls. They are simply ignored.
This means that applications that accept any ERC-20 token may generate ERC-20 token withdrawal vouchers which, when triggered, are marked as executed, but didn't actually succeed.
To be fair, this is extremely unlike. First, in most implementations of ERC-20 token contracts, including OpenZeppelin's, the function either returns true or reverts. Second, a token transfer would only fail if the application contract did not have enough tokens beforehand, which means the application back-end mistakenly emitted an ERC-20 token withdrawal voucher for which it did not have enough funds.
Users can transfer ERC-20 tokens to the application contract without doing so through an ERC-20 portal contract supported by the application back-end. This means that the actual balance of any given ERC-20 token is greater than or equal to the one presumed by the back-end. This assumes, of course, that the ERC-20 token contract is sound.
✔️ Solution
To make ERC-20 tokens even safer, we can create a library which does an ERC-20 token transfer while checking that it was successful by making sure transfer returns true.
📚 Context
ERC-20 token transfers are possible by calling the
transfer
function on the ERC-20 token contracts. This function returns a boolean which indicates whether the transfer was successful or not.Currently, vouchers do not check the return value of function calls. They are simply ignored. This means that applications that accept any ERC-20 token may generate ERC-20 token withdrawal vouchers which, when triggered, are marked as executed, but didn't actually succeed.
To be fair, this is extremely unlike. First, in most implementations of ERC-20 token contracts, including OpenZeppelin's, the function either returns
true
or reverts. Second, a token transfer would only fail if the application contract did not have enough tokens beforehand, which means the application back-end mistakenly emitted an ERC-20 token withdrawal voucher for which it did not have enough funds.Users can transfer ERC-20 tokens to the application contract without doing so through an ERC-20 portal contract supported by the application back-end. This means that the actual balance of any given ERC-20 token is greater than or equal to the one presumed by the back-end. This assumes, of course, that the ERC-20 token contract is sound.
✔️ Solution
To make ERC-20 tokens even safer, we can create a library which does an ERC-20 token transfer while checking that it was successful by making sure
transfer
returnstrue
.This depends on #258.