search

code-423n4 / 2021-10-ambire-findings

0 stars 0 forks source link

Using SafeERC20 in recoverFunds() #44

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

cryptojedi88

Vulnerability details

Impact

Some ERC20 tokens (major ones like USDT, BNB) have a vulnerability "Missing Return Value Bug". If this contract has to deal with those tokens, it might pose a problem.

Recommended Mitigation Steps

In the contract Zapper.sol, safeERC20 library should be used to implement the ERC20 token transfer functionality. This library is already being used for approve in this contract, so might as well use it for transfer

Ivshti commented 2 years ago

duplicate of #9 #35 #47 - see explanations in there

GalloDaSballo commented 2 years ago

Duplicate of #35