code-423n4 / 2021-06-pooltogether-findings


Use SafeTransfer/TransferHelper for BadgerYieldSource #100

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

a_delamo

Vulnerability details

Impact

The Badger token will not throw an exception if transfer/transferFrom is unsuccessful. So we could use TransferHelper/SafeTransfer in order to validate that everything went fine.

```solidity
// https://etherscan.io/address/0x3472A5A71965499acd81997a54BBA8D852C6E53d#code
function doTransfer(address _from, address _to, uint _amount) internal returns(bool) {
    if (_amount == 0) {
        return true;
    }
    require(parentSnapShotBlock < block.number);
    // Do not allow transfer to 0x0 or the token contract itself
    require((_to != 0) && (_to != address(this)));
    // If the amount being transfered is more than the balance of the
    //  account the transfer returns false
    var previousBalanceFrom = balanceOfAt(_from, block.number);
    if (previousBalanceFrom < _amount) {
        return false;
    }
    // Alerts the token controller of the transfer
    if (isContract(controller)) {
        // Adding the ` == true` makes the linter shut up so...
        require(ITokenController(controller).onTransfer(_from, _to, _amount) == true);
    }
    // First update the balance array with the new value for the address
    //  sending the tokens
    updateValueAtNow(balances[_from], previousBalanceFrom - _amount);
    // Then update the balance array with the new value for the address
    //  receiving the tokens
    var previousBalanceTo = balanceOfAt(_to, block.number);
    require(previousBalanceTo + _amount >= previousBalanceTo); // Check for overflow
    updateValueAtNow(balances[_to], previousBalanceTo + _amount);
    // An event to make the transfer easy to find on the blockchain
    Transfer(_from, _to, _amount);
    return true;
}
```

Tools Used

Editor
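An added illustration of the pattern this finding recommends, not code from the contest repository or from the Badger token: a minimal SafeTransfer helper beside a deposit path that drops the transfer's return value and one that checks it. The contract and function names (UncheckedYieldSource, CheckedYieldSource, supply) are assumed for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Helper in the style of Uniswap's TransferHelper / OpenZeppelin's SafeERC20: a low-level
// call that reverts if the call fails OR the token returned `false`; no return data is accepted.
library SafeTransfer {
    function safeTransferFrom(IERC20 token, address from, address to, uint256 amount) internal {
        (bool ok, bytes memory data) = address(token).call(
            abi.encodeWithSelector(token.transferFrom.selector, from, to, amount)
        );
        require(ok && (data.length == 0 || abi.decode(data, (bool))), "SafeTransfer: transferFrom failed");
    }
    function safeTransfer(IERC20 token, address to, uint256 amount) internal {
        (bool ok, bytes memory data) = address(token).call(
            abi.encodeWithSelector(token.transfer.selector, to, amount)
        );
        require(ok && (data.length == 0 || abi.decode(data, (bool))), "SafeTransfer: transfer failed");
    }
}

// Vulnerable pattern: the return value is ignored, so a `false` from a token that
// does not revert on insufficient balance silently credits shares for tokens that never arrived.
contract UncheckedYieldSource {
    IERC20 public immutable token;
    mapping(address => uint256) public shares;
    constructor(IERC20 _token) { token = _token; }
    function supply(uint256 amount) external {
        token.transferFrom(msg.sender, address(this), amount); // return value dropped
        shares[msg.sender] += amount;
    }
}

// Hardened pattern: the same deposit path, but the transfer must succeed
// before any accounting is updated.
contract CheckedYieldSource {
    using SafeTransfer for IERC20;
    IERC20 public immutable token;
    mapping(address => uint256) public shares;
    constructor(IERC20 _token) { token = _token; }
    function supply(uint256 amount) external {
        token.safeTransferFrom(msg.sender, address(this), amount); // reverts on `false`
        shares[msg.sender] += amount;
    }
}
```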

asselstine commented 3 years ago

See https://github.com/code-423n4/2021-06-pooltogether-findings/issues/112

dmvt commented 3 years ago

duplicate of #112