code-423n4 / 2022-01-dev-test-repo-findings


Return values of transfer()/transferFrom() not checked #381

Open code423n4 opened 7 months ago

code423n4 commented 7 months ago

Lines of code

377, 509, 491, 530, 42, 50

Vulnerability details

Not all IERC20 implementations revert() when there's a failure in transfer()/transferFrom(). The function signature has a boolean return value and they indicate errors that way instead. By not checking the return value, operations that should have been marked as failed may potentially go through without actually making a payment.

File: contracts/option-airdrop/AirdropBroker.sol

377                  paymentToken.transfer(
378                      paymentTokenBeneficiary,
379                      paymentToken.balanceOf(address(this))
380:                 );

509          _paymentToken.transferFrom(
510              msg.sender,
511              address(this),
512              discountedPaymentAmount
513:         );

File: contracts/options/TapiocaOptionBroker.sol

491                  paymentToken.transfer(
492                      paymentTokenBeneficiary,
493                      paymentToken.balanceOf(address(this))
494:                 );

530          _paymentToken.transferFrom(
531              msg.sender,
532              address(this),
533              discountedPaymentAmount
534:         );

File: contracts/tokens/LTap.sol

42:          tapToken.transferFrom(msg.sender, address(this), amount);

50:          tapToken.transfer(msg.sender, amount);

Assessed type

other
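An added example, not code from the audited contracts or from the finding: a minimal contract that shows the unchecked pattern next to two fixes, checking the returned bool and a SafeERC20-style low-level call that also tolerates tokens returning no data. `PaymentSink`, `payUnchecked`, `payChecked`, `_safeTransfer` and the trimmed `IERC20` interface are assumed names for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC20 interface; only what the example needs (assumed, not the project's).
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract PaymentSink {
    IERC20 public immutable paymentToken;
    address public immutable beneficiary;
    mapping(address => uint256) public paid;

    constructor(IERC20 token, address beneficiary_) {
        paymentToken = token;
        beneficiary = beneficiary_;
    }

    // VULNERABLE: same shape as the finding. A token that signals failure by
    // returning false leaves `paid` credited although no tokens moved.
    function payUnchecked(uint256 amount) external {
        paymentToken.transferFrom(msg.sender, address(this), amount);
        paid[msg.sender] += amount;
    }

    // FIX 1: require the returned bool. Sufficient for tokens that honour the
    // `returns (bool)` signature; a token returning no data makes the ABI
    // decoder revert, which is still safe (the payment is not credited).
    function payChecked(uint256 amount) external {
        require(paymentToken.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        paid[msg.sender] += amount;
    }

    // FIX 2: SafeERC20-style low-level call, written inline here. Succeeds only
    // if the target has code, the call did not revert, and it returned either
    // nothing or true. This is what OpenZeppelin's SafeERC20.safeTransfer checks.
    function _safeTransfer(IERC20 token, address to, uint256 amount) internal {
        require(address(token).code.length > 0, "token has no code");
        (bool ok, bytes memory data) =
            address(token).call(abi.encodeWithSelector(IERC20.transfer.selector, to, amount));
        require(ok && (data.length == 0 || abi.decode(data, (bool))), "transfer failed");
    }

    // Sweep pattern from the finding, with the checked transfer.
    function sweepToBeneficiary() external {
        _safeTransfer(paymentToken, beneficiary, paymentToken.balanceOf(address(this)));
    }
}
```

In practice, importing OpenZeppelin's SafeERC20 and calling `safeTransfer`/`safeTransferFrom` gives the same guarantees as `_safeTransfer` without maintaining the low-level call yourself.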