Handle
heiho1
Vulnerability details
Impact
Router.zapLiquidity(uint256,address,address) has unchecked transfers on lines 65, 67 and 69. Several tokens do not revert on failure and instead return false. If one of these tokens is used in Router, deposit will not revert if the transfer fails, and an attacker can call deposit for free.
Proof of Concept
https://github.com/code-423n4/2021-07-spartan/blob/e2555aab44d9760fdd640df9095b7235b70f035e/contracts/Router.sol#L65
Tools Used
Slither
Recommended Mitigation Steps
There is no particular disadvantage to a `require(success, "!transfer")` check.
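To make the failure mode concrete, here is an added illustration of the unchecked pattern beside the recommended check. This is constructed example code, not Spartan Protocol's Router; the token mock, the `zap` function and the `credited` bookkeeping are hypothetical and only reproduce the behaviour the finding describes (a token that returns false instead of reverting).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC20 surface used by the example (constructed, not the project's interface).
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Constructed mock: returns false instead of reverting when the payer
// lacks balance, which is exactly the token behaviour the finding relies on.
contract FalseReturningToken is IERC20 {
    mapping(address => uint256) public balanceOf;

    function mint(address to, uint256 amount) external {
        balanceOf[to] += amount;
    }

    function transferFrom(address from, address to, uint256 amount) external override returns (bool) {
        if (balanceOf[from] < amount) return false; // no revert on failure
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }

    function transfer(address to, uint256 amount) external override returns (bool) {
        if (balanceOf[msg.sender] < amount) return false; // no revert on failure
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Hypothetical zap with the unchecked pattern: the boolean return value is
// dropped, so a false return still lets the caller be credited although no
// tokens arrived. This mirrors the issue reported on Router.sol lines 65-69.
contract UncheckedZap {
    mapping(address => uint256) public credited;

    function zap(IERC20 token, uint256 amount) external {
        token.transferFrom(msg.sender, address(this), amount); // return value ignored
        credited[msg.sender] += amount;
    }
}

// Same function with the recommended mitigation: the call reverts whenever
// the token signals failure, so credit is only granted for funds received.
contract CheckedZap {
    mapping(address => uint256) public credited;

    function zap(IERC20 token, uint256 amount) external {
        bool success = token.transferFrom(msg.sender, address(this), amount);
        require(success, "!transfer");
        credited[msg.sender] += amount;
    }
}
```

Deploying `FalseReturningToken` without minting to the caller and calling `zap` on both contracts shows the difference: `UncheckedZap.credited` grows while the token balance does not, whereas `CheckedZap.zap` reverts with `!transfer`. Note that some widely used tokens return no value at all rather than a boolean; a library such as OpenZeppelin's SafeERC20, which inspects the raw return data, covers both that case and the false-returning case handled by the plain `require` above.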