Handle
pauliax
Vulnerability details
Impact
Function redeemToken sends tokens to the msg.sender by using safeTransferFrom:
_depositToken.safeTransferFrom(address(this), msg.sender, redeemableBalance);
For safeTransferFrom to work, it needs to have enough approval. In this case, obviously this contract does not approve every msg.sender for redeemableBalance, so I expect this function to fail in practice. When the sender is address(this), it is best to use the safeTransfer function:
_depositToken.safeTransfer(msg.sender, redeemableBalance);
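The allowance check behind this finding, as an added example that is not code from the report or the audited project: `MiniToken` and `Vault` are hypothetical contracts constructed here, with the token modelling OpenZeppelin-style allowance accounting.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed minimal token; allowance is always checked in transferFrom.
contract MiniToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        balanceOf[msg.sender] -= amount; // checked arithmetic: reverts on underflow
        balanceOf[to] += amount;
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        // The spender is the caller of the token (the vault), not the end user.
        allowance[from][msg.sender] -= amount; // reverts when the allowance is too low
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Hypothetical vault; credit() is an unauthenticated helper for the demonstration only.
contract Vault {
    MiniToken public immutable token;
    mapping(address => uint256) public redeemable;

    constructor(MiniToken token_) { token = token_; }

    function credit(address user, uint256 amount) external { redeemable[user] += amount; }

    // Pattern from the report: needs allowance[vault][vault], which nothing sets.
    function redeemWithTransferFrom() external {
        uint256 amount = redeemable[msg.sender];
        redeemable[msg.sender] = 0;
        require(token.transferFrom(address(this), msg.sender, amount), "transferFrom failed");
    }

    // Suggested pattern: the vault spends its own balance, no allowance involved.
    function redeemWithTransfer() external {
        uint256 amount = redeemable[msg.sender];
        redeemable[msg.sender] = 0;
        require(token.transfer(msg.sender, amount), "transfer failed");
    }
}
```

After `mint(vault, 100)` and `credit(user, 100)`, a call to `redeemWithTransferFrom()` from `user` reverts while `redeemWithTransfer()` pays out. Tokens that skip the allowance check when `from == msg.sender` (WETH9 does this) would not revert, so whether the redeem fails depends on the deposit token.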