Closed code423n4 closed 3 years ago
See https://github.com/code-423n4/2021-06-pooltogether-findings/issues/112
Severity is 1 (Low Risk)
because if the transfer failed, the following deposit would fail. It could use a clearer error message, however
duplicate of #112
Handle
JMukesh
Vulnerability details
Impact
return value from transfer()/ transferFrom() confirm the success of that function call, these return should be checked
Proof of Concept
https://consensys.net/diligence/audits/2021/01/fei-protocol/#unchecked-return-value-for-iweth-transfer-call
https://github.com/code-423n4/2021-06-pooltogether/blob/main/contracts/yield-source/BadgerYieldSource.sol#L79
https://github.com/code-423n4/2021-06-pooltogether/blob/main/contracts/yield-source/SushiYieldSource.sol#L48
https://github.com/code-423n4/2021-06-pooltogether/blob/85f8d044e7e46b7a3c64465dcd5dffa9d70e4a3e/contracts/yield-source/SushiYieldSource.sol#L89
Tools Used
Manual analysis
Recommended Mitigation Steps
utilise the return value to check the success of the function