Returns by various ERC tokens are ignored whether they revert or just continue.
Proof of Concept
XOLE.withdrawDevFund() (contracts/XOLE.sol#61-67) ignores return value by oleToken.transfer(dev,toSend) (contracts/XOLE.sol#66)
Reserve.transfer(address,uint256) (contracts/Reserve.sol#30-35) ignores return value by oleToken.transfer(to,amount) (contracts/Reserve.sol#33)
OLETokenLock.releaseInternal(address) (contracts/OLETokenLock.sol#44-53) ignores return value by token.transfer(beneficiary,releaseAmount) (contracts/OLETokenLock.sol#51)
LPool.doTransferOut(address,uint256,bool) (contracts/liquidity/LPool.sol#294-301) ignores return value by IERC20(underlying).safeTransfer(to,amount) (contracts/liquidity/LPool.sol#299)
LPoolDepositor.transferToPool(address,uint256) (contracts/liquidity/LPoolDepositor.sol#29-33) ignores return value by IERC20(LPoolInterface(msg.sender).underlying()).safeTransferFrom(from,msg.sender,amount) (contracts/liquidity/LPoolDepositor.sol#32)
Handle
0v3rf10w
Vulnerability details
Impact
Returns by various ERC tokens are ignored whether they revert or just continue.
Proof of Concept