code-423n4 / 2021-10-covalent-findings


Recommend to use OZ SafeERC20 library #1

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

xYrYuYx

Vulnerability details

Impact

These are too complicated steps to transfer an ERC20 token, which could use more gas. You don't need to check the balance before the transfer. If there is not enough balance, SafeERC20 will revert. Also, you don't need to check the balance after the transfer, because CQT does not have a transaction fee.

Proof of Concept

https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/utils/SafeERC20.sol

Tools Used

Recommended Mitigation Steps

Since there is no transaction fee in the CQT token, you can use the OZ SafeERC20 library to send or receive.

https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/utils/SafeERC20.sol#L20
https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/utils/SafeERC20.sol#L28
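The two deposit paths below, as an added illustration that is not the Covalent code base or part of the finding: a hypothetical `StakeExample` contract showing the balance-snapshot pattern the finding objects to next to the `SafeERC20.safeTransferFrom` form it recommends. Both assume, as the finding does, that the token charges no fee on transfer, which is the only reason the post-transfer balance check can be dropped.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical staking contract, constructed for illustration only.
// Both deposit paths assume the token (CQT) charges no fee on transfer,
// so the amount requested equals the amount received.
contract StakeExample {
    using SafeERC20 for IERC20;

    IERC20 public immutable token;
    mapping(address => uint256) public staked;

    constructor(IERC20 _token) {
        token = _token;
    }

    // Pattern the finding objects to: balance snapshots around a plain
    // transferFrom. The pre-check duplicates what the token already
    // enforces, and the post-check only matters for fee-on-transfer
    // tokens. Each extra balanceOf is an external call that costs gas.
    function depositManual(uint256 amount) external {
        require(token.balanceOf(msg.sender) >= amount, "insufficient balance");
        uint256 before = token.balanceOf(address(this));
        require(token.transferFrom(msg.sender, address(this), amount), "transfer failed");
        uint256 after_ = token.balanceOf(address(this));
        require(after_ - before == amount, "unexpected amount received");
        staked[msg.sender] += amount;
    }

    // Recommended form: safeTransferFrom reverts if the token reverts or
    // returns false, and also tolerates tokens that return no boolean at
    // all, so no surrounding balance checks are needed for a fee-free token.
    function depositSafe(uint256 amount) external {
        token.safeTransferFrom(msg.sender, address(this), amount);
        staked[msg.sender] += amount;
    }
}
```

If the token could ever be swapped for a fee-on-transfer or rebasing token, the post-transfer balance delta in `depositManual` is the check to keep; for CQT as described in the finding it is redundant.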

GalloDaSballo commented 2 years ago

The sponsor has applied the improvement