search

code-423n4 / 2022-01-dev-test-repo-findings

2 stars 1 forks source link

Some tokens may revert when zero value transfers are made #284

Open code423n4 opened 10 months ago

code423n4 commented 10 months ago

Lines of code

356, 371, 145, 272, 252, 116, 445, 374, 506, 488, 527, 41, 47, 237, 794, 159, 137

Vulnerability details

In spite of the fact that EIP-20 states that zero-valued transfers must be accepted, some tokens, such as LEND will revert if this is attempted, which may cause transactions that involve other tokens (such as batch operations) to fully revert. Consider skipping the transfer if the amount is zero, which will also save gas.

File: contracts/tOFT/BaseTOFT.sol

356                  "TOFT_allowed"
357              );
358          }
359:         IERC20(erc20).safeTransferFrom(_fromAddress, address(this), _amount);

371          if (erc20 == address(0)) {
372              _safeTransferETH(_toAddress, _amount);
373          } else {
374:             IERC20(erc20).safeTransfer(_toAddress, _amount);

File: contracts/tOFT/mTapiocaOFT.sol

145          if (_isNative) {
146              _safeTransferETH(msg.sender, _amount);
147          } else {
148:             IERC20(erc20).safeTransfer(msg.sender, _amount);

File: contracts/tOFT/modules/BaseTOFTLeverageModule.sol

272          if (erc20 == address(0)) {
273              _safeTransferETH(_toAddress, _amount);
274          } else {
275:             IERC20(erc20).safeTransfer(_toAddress, _amount);

File: contracts/tOFT/modules/BaseTOFTOptionsModule.sol

252                  })
253              );
254          } else {
255:             IERC20(tapSendData.tapOftAddress).safeTransfer(from, tapAmount);

File: contracts/Vesting.sol

116          users[msg.sender].claimed += _claimable;
117          users[msg.sender].latestClaimTimestamp = block.timestamp;
118  
119:         token.safeTransfer(msg.sender, _claimable);

File: contracts/governance/twTAP.sol

445          totals.totalDistPerVote[_rewardTokenId] +=
446              (_amount * DIST_PRECISION) /
447              uint256(totals.netActiveVotes);
448:         rewardToken.safeTransferFrom(msg.sender, address(this), _amount);

File: contracts/option-airdrop/AirdropBroker.sol

374          unchecked {
375              for (uint256 i = 0; i < len; ++i) {
376                  ERC20 paymentToken = ERC20(_paymentTokens[i]);
377                  paymentToken.transfer(
378                      paymentTokenBeneficiary,
379                      paymentToken.balanceOf(address(this))
380:                 );

506              _paymentToken.decimals()
507          );
508  
509          _paymentToken.transferFrom(
510              msg.sender,
511              address(this),
512              discountedPaymentAmount
513:         );

File: contracts/options/TapiocaOptionBroker.sol

488          unchecked {
489              for (uint256 i = 0; i < len; ++i) {
490                  ERC20 paymentToken = ERC20(_paymentTokens[i]);
491                  paymentToken.transfer(
492                      paymentTokenBeneficiary,
493                      paymentToken.balanceOf(address(this))
494:                 );

527              _paymentToken.decimals()
528          );
529  
530          _paymentToken.transferFrom(
531              msg.sender,
532              address(this),
533              discountedPaymentAmount
534:         );

File: contracts/tokens/LTap.sol

41       function deposit(uint256 amount) external {
42:          tapToken.transferFrom(msg.sender, address(this), amount);

47           require(block.timestamp > lockedUntil, "Still locked");
48           uint256 amount = balanceOf(msg.sender);
49           _burn(msg.sender, amount);
50:          tapToken.transfer(msg.sender, amount);

File: contracts/usd0/modules/USDOOptionsModule.sol

237                  })
238              );
239          } else {
240:             IERC20(tapSendData.tapOftAddress).safeTransfer(from, tapAmount);

File: contracts/Magnetar/modules/MagnetarMarketModule.sol

794          address _token,
795          uint256 _amount
796      ) private {
797:         IERC20(_token).safeTransferFrom(_from, address(this), _amount);

File: contracts/Swapper/BaseSwapper.sol

159              );
160              return amount;
161          }
162:         IERC20(token).safeTransferFrom(msg.sender, address(this), amount);

File: contracts/Swapper/CurveSwapper.sol

137                  0
138              );
139          } else {
140:             IERC20(tokenOut).safeTransfer(to, amountOut);

Assessed type

other