Handle
0x1f8b
Vulnerability details
Impact
Unchecked returns.
Proof of Concept
In the OpenLevV1 contract, the method call at 97,57: (ControllerInterface(addressConfig.controller)).marginTradeAllowed(marketId); is made without checking the returned value. Because ControllerV1.marginTradeAllowed never returns false, it's recommended to remove the boolean return; otherwise, it must be checked, because another contract can implement different logic in the future.
SafeERC20 is also not used in the following calls:
contracts\Reserve.sol: 33
contracts\OLETokenLock.sol: 51
contracts\ControllerV1.sol: 313, 321
contracts\XOLE.sol: 66
The ERC20 standard specifies that the token can return false if the approve, transfer or transferFrom was not made, so it's mandatory to check the result of these calls.
Tools Used
Manual review.
Recommended Mitigation Steps
Check the returned values.
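The two checks recommended above, as an added Solidity sketch that is not OpenLeverage's code: IController, CheckedCalls, the function names and the uint256 market id type are assumptions made for illustration. _safeTransfer is a minimal inline version of the kind of check OpenZeppelin's SafeERC20.safeTransfer performs, including the case of a token that returns no data at all.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical stand-in for the controller interface named in the finding.
interface IController {
    function marginTradeAllowed(uint256 marketId) external returns (bool);
}

contract CheckedCalls {
    IController public immutable controller;

    constructor(IController controller_) { controller = controller_; }

    // Unchecked form: a token that returns false instead of reverting
    // lets this call complete as if the transfer had happened.
    function payUnchecked(IERC20 token, address to, uint256 amount) external {
        token.transfer(to, amount);
    }

    // Checked form: reverts on a failed call and on a false return value.
    function payChecked(IERC20 token, address to, uint256 amount) external {
        _safeTransfer(token, to, amount);
    }

    // Low-level call so that tokens returning no data are also accepted,
    // while a decoded false is rejected.
    function _safeTransfer(IERC20 token, address to, uint256 amount) internal {
        (bool ok, bytes memory data) = address(token).call(
            abi.encodeWithSelector(IERC20.transfer.selector, to, amount)
        );
        require(ok, "transfer reverted");
        if (data.length == 0) {
            // No return data: only valid if the target really is a contract.
            require(address(token).code.length > 0, "token is not a contract");
        } else {
            require(abi.decode(data, (bool)), "transfer returned false");
        }
    }

    // The controller's boolean result is enforced instead of discarded, so a
    // future controller that returns false actually blocks the trade.
    function requireTradeAllowed(uint256 marketId) public {
        require(controller.marginTradeAllowed(marketId), "margin trade not allowed");
    }
}
```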