The ERC20.transfer() and ERC20.transferFrom() functions return a boolean value indicating success. This return value should be checked.
The SafetyWithdraw.withdrawERC20Token function does not check the return value:
function withdrawERC20Token(
    address tokenAddress,
    address to,
    uint256 amount
) external override onlyOwner {
    // The boolean returned by transfer() is discarded: a token that returns
    // false instead of reverting leaves this call "succeeding" with no transfer.
    IERC20(tokenAddress).transfer(to, amount);
}
Impact
Some tokens do not revert on a failed transfer but return false instead.
With the return value unchecked, a token that performs no transfer and returns false is still treated as a successful withdrawal.
Recommended Mitigation Steps
We recommend using OpenZeppelin's SafeERC20 library, whose safeTransfer and safeTransferFrom functions check the return value and also cope with tokens that do not follow the standard.
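The hardened form of the function, as an added example that is not part of the original finding or of the audited project: it keeps the same signature and onlyOwner guard but routes the call through SafeERC20.safeTransfer, which reverts when the token returns false, returns nothing, or reverts itself. The owner logic and the ISafetyWithdraw interface are assumed (the project's real base contract is not on the page), OpenZeppelin is assumed to be installed at its usual import path, and FalseReturningToken is a constructed mock for a test suite that models the "returns false instead of reverting" behaviour described under Impact.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumes OpenZeppelin contracts are available at the standard import path.
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical stand-in for the project's own interface (assumption).
interface ISafetyWithdraw {
    function withdrawERC20Token(address tokenAddress, address to, uint256 amount) external;
}

contract SafetyWithdrawFixed is ISafetyWithdraw {
    using SafeERC20 for IERC20;

    address public immutable owner;

    constructor() {
        owner = msg.sender;
    }

    // Minimal owner check, written inline so the example does not depend on
    // a particular OpenZeppelin Ownable constructor signature (assumption).
    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    function withdrawERC20Token(
        address tokenAddress,
        address to,
        uint256 amount
    ) external override onlyOwner {
        // safeTransfer performs the low-level call, requires the call to succeed,
        // and, if any return data is present, requires it to decode to true.
        // A token that returns false (or has no code) makes this revert instead
        // of silently "succeeding" as the unchecked transfer() did.
        IERC20(tokenAddress).safeTransfer(to, amount);
    }
}

// Constructed mock for tests: an ERC20-like token that returns false on an
// insufficient balance instead of reverting. Calling the original, unchecked
// withdrawERC20Token against it completes without moving any tokens, while
// SafetyWithdrawFixed.withdrawERC20Token reverts with "SafeERC20: ERC20 operation
// did not succeed" (OpenZeppelin 4.x wording).
contract FalseReturningToken {
    mapping(address => uint256) public balanceOf;

    constructor(uint256 initialSupply) {
        balanceOf[msg.sender] = initialSupply;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        if (balanceOf[msg.sender] < amount) {
            return false; // silent failure: no revert, no state change
        }
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}
```

In a test, deploy FalseReturningToken with a zero balance for the withdrawing contract and call withdrawERC20Token on both versions: the unchecked version's transaction succeeds with balances unchanged, while the SafeERC20 version reverts, which is the behaviour the mitigation is meant to guarantee.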
Handle: cmichel