Closed code423n4 closed 2 years ago
WatchPug
It is usually good to add a require-statement that checks the return value or to use something like safeTransfer; unless one is sure the given token reverts in case of a failure.
Instances include:
https://github.com/code-423n4/2021-12-yetifinance/blob/5f5bf61209b722ba568623d8446111b1ea5cb61c/packages/contracts/contracts/TeamAllocation.sol#L63-L78
```solidity
function sendAllocatedYETI() external {
    require(yetiSet);
    require(!allocationClaimed);
    for (uint i = 0; i < 7; i++) {
        address member = team[i];
        uint amount = allocations[i];
        require(YETI.transfer(member, amount));
    }
    allocationClaimed = true;
}

function sendUnallocatedYETI(address _to, uint _amount) external onlyTeam {
    require(allocationClaimed);

    YETI.transfer(_to, _amount);
}
```
L77 should, like L69, check the return value of the token.transfer call.
https://github.com/code-423n4/2021-12-yetifinance/blob/5f5bf61209b722ba568623d8446111b1ea5cb61c/packages/contracts/contracts/StabilityPool.sol#L947-L947
IERC20(assets[i]).transfer(_to, amounts[i]);
https://github.com/code-423n4/2021-12-yetifinance/blob/5f5bf61209b722ba568623d8446111b1ea5cb61c/packages/contracts/contracts/YetiFinanceTreasury.sol#L25-L25
_token.transfer(_to, _amount);
Consider adding a require-statement or using safeTransfer.
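The three options named in the report, side by side, as an added example that is not part of the original report or the Yeti Finance code base. `FalseReturningToken` and `TransferExamples` are constructed names, Solidity ^0.8.1 is an assumption, and `sendSafe` is a hand-written stand-in for a `safeTransfer` library call.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1; // assumed compiler version for this example

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Constructed token: reports failure by returning false instead of reverting.
contract FalseReturningToken {
    mapping(address => uint256) public balanceOf;

    function mint(address to, uint256 amount) external {
        balanceOf[to] += amount;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        if (balanceOf[msg.sender] < amount) return false; // failure, no revert
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

contract TransferExamples {
    // Same shape as the flagged calls: a false return is discarded, so the
    // transaction succeeds although no tokens moved.
    function sendUnchecked(IERC20 token, address to, uint256 amount) external {
        token.transfer(to, amount);
    }

    // require-statement: reverts on false. It also reverts for tokens that
    // return no data at all, because the bool cannot be decoded.
    function sendChecked(IERC20 token, address to, uint256 amount) external {
        require(token.transfer(to, amount), "transfer failed");
    }

    // safeTransfer-style wrapper: accepts "true" or empty return data, and
    // rejects a reverted call, a false return, or a target without code.
    function sendSafe(IERC20 token, address to, uint256 amount) external {
        require(address(token).code.length > 0, "not a contract");
        (bool ok, bytes memory data) = address(token).call(
            abi.encodeWithSelector(IERC20.transfer.selector, to, amount)
        );
        require(ok && (data.length == 0 || abi.decode(data, (bool))), "transfer failed");
    }
}
```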
@LilYeti: Duplicate #1
Is severity level 2 for issue #1 and its duplicates
Fixed
Duplicate of #94