Not all IERC20 implementations revert() when there's a failure in transfer()/transferFrom(). The function signature has a boolean return value and they indicate errors that way instead. By not checking the return value, operations that should have marked as failed, may potentially go through without actually making a payment
Lines of code
377, 509, 491, 530, 42, 50
Vulnerability details
Not all
IERC20
implementationsrevert()
when there's a failure intransfer()
/transferFrom()
. The function signature has aboolean
return value and they indicate errors that way instead. By not checking the return value, operations that should have marked as failed, may potentially go through without actually making a paymentAssessed type
other