code423n4 commented 2 years ago

Handle

cmichel

Vulnerability details

The ERC20.transfer(), ERC20.transferFrom(), ERC20.approve() functions return a boolean value indicating success. This parameter needs to be checked for success. Some tokens do not revert if the transfer failed but return false instead.

Examples:

WJLP.wrap: JLP.transferFrom(_from, address(this), _amount);
WJLP.wrap: JLP.approve(address(_MasterChefJoe), _amount);

Impact

As the checks are only missing on specific JLP tokens that assumably revert on failed transfers, the impact is low.

Recommended Mitigation Steps

We still recommend checking at least the return value as a best practice. Consider using OpenZeppelin’s SafeERC20 versions with the safeTransfer and safeTransferFrom functions that handle the return value check as well as non-standard-compliant staking tokens.

kingyetifinance commented 2 years ago

@LilYeti: Duplicate #1

kingyetifinance commented 2 years ago

Fixed, nothing new compared to https://github.com/code-423n4/2021-12-yetifinance-findings/issues/94

alcueca commented 2 years ago

Duplicate of #94

code-423n4 / 2021-12-yetifinance-findings

ERC20 return values not checked #207

Handle

Vulnerability details

Impact

Recommended Mitigation Steps