code-423n4 / 2021-12-amun-findings


Unsafe token transfer #198

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

WatchPug

Vulnerability details

Calling ERC20.transfer() without handling the returned value is unsafe.

https://github.com/code-423n4/2021-12-amun/blob/cf890dedf2e43ec787e8e5df65726316fda134a1/contracts/basket/contracts/singleJoinExit/SingleNativeTokenExitV2.sol#L104-L104

outputToken.transfer(msg.sender, outputTokenBalance);

Recommendation

Consider using OpenZeppelin's SafeERC20 library with safe versions of transfer functions.
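Added example, not part of the original report or the Amun code base: the unchecked call from the finding next to a checked one, run against a constructed token that returns `false` instead of reverting. `IERC20Like`, `FalseReturningToken`, `CheckedTransfer` and `ExitDemo` are hypothetical names; the helper only illustrates the kind of return-value check a safe-transfer wrapper performs, and production code should use OpenZeppelin's SafeERC20 as recommended above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

interface IERC20Like {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Constructed token: signals failure by returning false instead of reverting.
contract FalseReturningToken is IERC20Like {
    mapping(address => uint256) public balanceOf;

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }

    function transfer(address to, uint256 amount) external override returns (bool) {
        if (balanceOf[msg.sender] < amount) return false; // failure, but no revert
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Hypothetical helper: low-level call plus a check of the returned data.
library CheckedTransfer {
    function safeTransfer(IERC20Like token, address to, uint256 amount) internal {
        require(address(token).code.length > 0, "not a contract");
        (bool ok, bytes memory ret) = address(token).call(
            abi.encodeWithSelector(IERC20Like.transfer.selector, to, amount)
        );
        // Revert if the call itself failed, or if it returned data that decodes
        // to false. Empty return data is accepted for tokens that return nothing.
        require(ok && (ret.length == 0 || abi.decode(ret, (bool))), "transfer failed");
    }
}

contract ExitDemo {
    using CheckedTransfer for IERC20Like;

    // Pattern from the finding: the bool is dropped, so the call succeeds even if no tokens moved.
    function exitUnchecked(IERC20Like outputToken, uint256 amount) external {
        outputToken.transfer(msg.sender, amount);
    }

    // Hardened: a failed transfer reverts the whole exit.
    function exitChecked(IERC20Like outputToken, uint256 amount) external {
        outputToken.safeTransfer(msg.sender, amount);
    }
}
```

With `ExitDemo` holding fewer tokens than `amount`, `exitUnchecked` completes without moving anything, while `exitChecked` reverts with "transfer failed".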

loki-sama commented 2 years ago

duplicate #232

0xleastwood commented 2 years ago

Duplicate of #192