code-423n4 / 2021-04-vader-findings


Handle transfers of different ERC20 tokens #275

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

paulius.eth

Vulnerability details

Impact

Some ERC20 transfers have require checks, e.g.: `require(iERC20(_token).transfer(_member, _amount));` some don't, e.g.: `iERC20(_token).transfer(_recipient, _amount);` It is a good practice to think about all the possible variations of ERC20s (see: https://github.com/xwvvvvwx/weird-erc20).

Recommended Mitigation Steps

The current most common solution is to use SafeERC20 transfers: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/utils/SafeERC20.sol
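
The two call forms quoted in the report next to a wrapper in the style of SafeERC20, as an added example that is not part of the original report or the Vader code base. `TransferHelper`, `Payout` and their function names are hypothetical, and the wrapper is written for this example rather than copied from OpenZeppelin.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

// Added example; contract, library and function names are hypothetical.
interface iERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

library TransferHelper {
    // Copes with three token behaviours: revert on failure, return false on
    // failure, and return no data at all (non-standard tokens).
    function safeTransfer(address token, address to, uint256 amount) internal {
        // A low-level call to an address without code reports success,
        // so the code-size check has to come first.
        require(token.code.length > 0, "token: not a contract");
        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSelector(iERC20.transfer.selector, to, amount)
        );
        // ok == false     : the token reverted.
        // ret.length == 0 : no return value; a non-reverting call counts as success.
        // otherwise       : the token returned a bool, which must be true.
        require(
            ok && (ret.length == 0 || abi.decode(ret, (bool))),
            "token: transfer failed"
        );
    }
}

contract Payout {
    // Unchecked form from the report: a token that returns false instead of
    // reverting fails silently and execution continues.
    function payUnchecked(address _token, address _recipient, uint256 _amount) internal {
        iERC20(_token).transfer(_recipient, _amount);
    }

    // require() form from the report: catches a false return, but reverts on
    // tokens that return no data, because the ABI decoder expects a bool.
    function payRequire(address _token, address _member, uint256 _amount) internal {
        require(iERC20(_token).transfer(_member, _amount));
    }

    // Wrapper form: one code path for all three token behaviours.
    function paySafe(address _token, address _member, uint256 _amount) internal {
        TransferHelper.safeTransfer(_token, _member, _amount);
    }
}
```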

dmvt commented 3 years ago

duplicate of #231