Handle
sirhashalot
Vulnerability details
Impact
The safeTransfer() and safeTransferFrom() functions in the TransferHelper library are used in core contracts like OpenLevV1Lib.sol and LPool.sol. These "safe" functions don't check the return value of the transfer function and are arguably not "safe". The commonly used OpenZeppelin implementation does check the return value to validate the transfer succeeded.
Proof of Concept
The two transfer functions in TransferHelper.sol do not check the return boolean of the low-level call to the token address, so a transfer that reverts or returns false leaves the caller unaware that no tokens moved. In comparison, the OpenZeppelin SafeERC20 implementation checks both that the call succeeded and, when the token returns data, that the returned boolean is true.
Recommended Mitigation Steps
Check the return boolean from the low-level call, and when the token returns data, require that it decodes to true, so a failed transfer reverts instead of silently continuing.
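As an added illustration (example code, not OpenLev's TransferHelper.sol or OpenZeppelin's SafeERC20), the following Solidity contrasts the unchecked pattern described in the proof of concept with a helper that applies the recommended checks. TransferHelperExample, FalseReturningToken and Demo are hypothetical names, and the mock token that returns false without reverting is constructed for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

// Added example: minimal ERC20 surface needed for the two helpers.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical library, not the project's TransferHelper.
library TransferHelperExample {
    // Pattern the finding describes: the low-level call's success flag and the
    // token's return value are both discarded, so a reverted call or a `false`
    // return goes unnoticed and the caller's accounting proceeds as if it succeeded.
    function unsafeTransfer(address token, address to, uint256 amount) internal {
        // Return values deliberately ignored to mirror the unchecked pattern.
        token.call(abi.encodeWithSelector(IERC20.transfer.selector, to, amount));
    }

    // Hardened versions: same calls, but the result is validated.
    function safeTransfer(address token, address to, uint256 amount) internal {
        _callAndCheck(token, abi.encodeWithSelector(IERC20.transfer.selector, to, amount));
    }

    function safeTransferFrom(address token, address from, address to, uint256 amount) internal {
        _callAndCheck(token, abi.encodeWithSelector(IERC20.transferFrom.selector, from, to, amount));
    }

    function _callAndCheck(address token, bytes memory callData) private {
        // A call to an address with no code "succeeds" with empty return data,
        // which would otherwise look like a non-standard token that returns nothing.
        require(token.code.length > 0, "TransferHelper: not a contract");
        (bool success, bytes memory data) = token.call(callData);
        // 1. The call itself must not have reverted.
        require(success, "TransferHelper: call failed");
        // 2. If the token returns data, it must decode to `true`. Tokens that
        //    return nothing (older non-standard ERC20s) are accepted, as in SafeERC20.
        require(data.length == 0 || abi.decode(data, (bool)), "TransferHelper: transfer returned false");
    }
}

// Constructed mock: a token whose transfers report failure via `false`
// instead of reverting, the case an unchecked helper silently accepts.
contract FalseReturningToken is IERC20 {
    function transfer(address, uint256) external pure returns (bool) { return false; }
    function transferFrom(address, address, uint256) external pure returns (bool) { return false; }
}

contract Demo {
    using TransferHelperExample for address;

    address public token;

    constructor() {
        token = address(new FalseReturningToken());
    }

    // Completes without reverting even though no tokens moved.
    function withUnchecked() external {
        token.unsafeTransfer(msg.sender, 1);
    }

    // Reverts with "TransferHelper: transfer returned false".
    function withChecked() external {
        token.safeTransfer(msg.sender, 1);
    }
}
```

Calling withUnchecked() on Demo succeeds while withChecked() reverts, which is the behavioural difference the finding is about: only the checked helper turns a token that refuses the transfer into a failed transaction rather than a silent no-op.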