code-423n4 / 2022-01-sherlock-findings


`sweepTokens` loop does not check for zero transfer amount #187

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

Jujic

Vulnerability details

Impact

Transfer amount can be checked for > 0 before calling `safeTransfer`. This can save gas by avoiding the external call.

Proof of Concept

https://github.com/code-423n4/2022-01-sherlock/blob/c763f10c4b5fe2127677d6c25b83adcf3bcec212/contracts/SherBuy.sol#L188

```solidity
token.safeTransfer(msg.sender, token.balanceOf(address(this)));
```

Tools Used

Remix

Recommended Mitigation Steps

Check that the transfer amount is > 0 before the transfer is executed.

jack-the-pug commented 2 years ago

The caller should do the check offline to save gas.