Open code423n4 opened 2 years ago
pauliax
Some token transfers use the SafeERC20 library, some don't, e.g.:
vader.transferFrom(msg.sender, address(this), _amount);
vader.safeTransfer(recipient, amount);
Even though you probably know the implementation of this token and trust it, it would be better to unify transfers across the codebase.
A safe approach is to use this library everywhere where transfers are happening.
This is a known implementation and as such the severity should be set to no risk.
Downgraded to code clarity issue, which is then acknowledged by the sponsor.
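An added example, not code from the audited repository: it shows what the library's check adds when a token signals failure by returning false instead of reverting. `FalseReturningToken` and `DepositExample` are hypothetical contracts constructed for illustration, and the checked path is a simplified form of the test SafeERC20 performs.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Constructed token: reports failure by returning false rather than reverting.
contract FalseReturningToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        if (balanceOf[from] < amount || allowance[from][msg.sender] < amount) return false;
        balanceOf[from] -= amount;
        allowance[from][msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Hypothetical caller showing both transfer styles named in the finding.
contract DepositExample {
    IERC20 public immutable token;
    mapping(address => uint256) public deposited;

    constructor(IERC20 _token) { token = _token; }

    // Raw call with the return value ignored: against a token like the one
    // above, a failed transfer still credits the caller.
    function depositUnchecked(uint256 _amount) external {
        token.transferFrom(msg.sender, address(this), _amount);
        deposited[msg.sender] += _amount;
    }

    // Simplified form of the SafeERC20 check: the call must succeed and any
    // returned data must decode to true. The library additionally rejects
    // target addresses that contain no code; that step is omitted here.
    function depositChecked(uint256 _amount) external {
        (bool ok, bytes memory ret) = address(token).call(
            abi.encodeWithSelector(IERC20.transferFrom.selector, msg.sender, address(this), _amount)
        );
        require(ok && (ret.length == 0 || abi.decode(ret, (bool))), "transferFrom failed");
        deposited[msg.sender] += _amount;
    }
}
```

With a token that reverts on failure, both functions behave the same, which is why the thread treats the inconsistency as a code clarity issue.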