search

code-423n4 / 2021-09-defiprotocol-findings

1 stars 0 forks source link

unchecked return value from transfer() #110

Closed code423n4 closed 2 years ago

code423n4 commented 3 years ago

Handle

JMukesh

Vulnerability details

Impact

return value from transfer() should be checked because ,it give the indication wether call is successful or not and different type of token handle the error differently so it is safe to use SafeTransfer()

https://consensys.net/diligence/audits/2021/01/fei-protocol/#unchecked-return-value-for-iweth-transfer-call

Proof of Concept

https://github.com/code-423n4/2021-09-defiProtocol/blob/52b74824c42acbcd64248f68c40128fe3a82caf6/contracts/contracts/Auction.sol#L101

https://github.com/code-423n4/2021-09-defiProtocol/blob/52b74824c42acbcd64248f68c40128fe3a82caf6/contracts/contracts/Auction.sol#L146

Tools Used

manual review

Recommended Mitigation Steps

use safeTransfer()

frank-beard commented 3 years ago

duplicat of https://github.com/code-423n4/2021-09-defiprotocol-findings/issues/196

GalloDaSballo commented 2 years ago

Duplicate of #196