search

code-423n4 / 2021-12-vader-findings

0 stars 0 forks source link

Use safeTransfer/safeTransferFrom consistently instead of transfer/transferFrom #177

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

defsec

Vulnerability details

Impact

It is good to add a require() statement that checks the return value of token transfers or to use something like OpenZeppelin’s safeTransfer/safeTransferFrom unless one is sure the given token reverts in case of a failure. Failure to do so will cause silent failures of transfers and affect token accounting in contract.

Reference: This similar medium-severity finding from Consensys Diligence Audit of Fei Protocol: https://consensys.net/diligence/audits/2021/01/fei-protocol/#unchecked-return-value-for-iweth-transfer-call

Proof of Concept

  1. Navigate to the following contracts.
  2. transfer/transferFrom functions are used instead of safe transfer/transferFrom on the following contracts.
https://github.com/code-423n4/2021-12-vader/blob/fd2787013608438beae361ce1bb6d9ffba466c45/contracts/tokens/USDV.sol#L73

https://github.com/code-423n4/2021-12-vader/blob/fd2787013608438beae361ce1bb6d9ffba466c45/contracts/tokens/USDV.sol#L137

https://github.com/code-423n4/2021-12-vader/blob/fd2787013608438beae361ce1bb6d9ffba466c45/contracts/tokens/USDV.sol#L161

Tools Used

Code Review

Recommended Mitigation Steps

Consider using safeTransfer/safeTransferFrom or require() consistently.

0xstormtrooper commented 2 years ago

Vader.transfer, Vader.transferFrom always returns true or the call fails. There is no need to check return value.

jack-the-pug commented 2 years ago

Dup of #39