code-423n4 / 2021-12-yetifinance-findings


Multiple unsafe calls in WJLP #241

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

0x1f8b

Vulnerability details

Impact

Unsafe transfer was done.

Proof of Concept

In the method WJLP.wrap, a transferFrom and an approve are made without checking the boolean result. The ERC20 standard specifies that the token can return false if the transfer was not made, so it's mandatory to check the result of transfer methods.

This was also seen in the unwrapFor and _safeJoeTransfer methods.

Tools Used

Manual review

Recommended Mitigation Steps

Use safeTransfer, safeTransferFrom and safeApprove, or check the boolean result.
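An added illustration of the reported pattern next to a checked form. It is not part of the original report and is not the WJLP source. The contract `WrapperSketch`, the `staking` address and all function names are hypothetical; the helper follows the same idea as the safeTransfer-style wrappers named in the mitigation.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
}

// Hypothetical wrapper for illustration only; not the WJLP contract.
contract WrapperSketch {
    IERC20 public immutable token;    // assumed underlying token
    address public immutable staking; // assumed contract that later pulls the tokens

    constructor(IERC20 _token, address _staking) {
        token = _token;
        staking = _staking;
    }

    // Reported pattern: both return values are dropped, so a token that
    // returns false instead of reverting lets execution continue.
    function wrapUnchecked(uint256 amount) external {
        token.transferFrom(msg.sender, address(this), amount);
        token.approve(staking, amount);
        // ... accounting would proceed as if the transfer had succeeded
    }

    // Checked form: revert unless each token call succeeded.
    function wrapChecked(uint256 amount) external {
        _callOptionalReturn(abi.encodeWithSelector(
            IERC20.transferFrom.selector, msg.sender, address(this), amount));
        _callOptionalReturn(abi.encodeWithSelector(
            IERC20.approve.selector, staking, amount));
    }

    // Accepts tokens that return true and tokens that return no data;
    // rejects a revert, an explicit false, and a call to a non-contract.
    function _callOptionalReturn(bytes memory data) private {
        require(address(token).code.length > 0, "token is not a contract");
        (bool ok, bytes memory ret) = address(token).call(data);
        require(ok, "token call reverted");
        if (ret.length > 0) {
            require(abi.decode(ret, (bool)), "token call returned false");
        }
    }
}
```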

kingyetifinance commented 2 years ago

@LilYeti: Duplicate with #1

kingyetifinance commented 2 years ago

Fixed

alcueca commented 2 years ago

Duplicate of #94