code-423n4 / 2022-01-trader-joe-findings


Unsafe ERC20 Operation(s) #272

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

Czar102

Vulnerability details

Impact

ERC20 tokens may not revert on failure but instead return false. Users may lose their funds as ERC20 calls may fail. They are made to unknown ERC20 tokens that have no additional constraints on their failure reporting.

Findings:

LaunchEvent.sol::458 => token.transfer(msg.sender, amount);
LaunchEvent.sol::464 => pair.transfer(msg.sender, balance);
LaunchEvent.sol::490 => token.transfer(msg.sender, amount);
LaunchEvent.sol::514 => token.transfer(issuer, balance);
LaunchEvent.sol::538 => token.transfer(penaltyCollector, excessToken);
LaunchEvent.sol::543 => WAVAX.transfer(penaltyCollector, excessWavax);
RocketJoeFactory.sol::133 => IERC20(_token).transferFrom(msg.sender, launchEvent, _tokenAmount);
RocketJoeStaking.sol::184 => rJoe.transfer(_to, rJoeBal);
RocketJoeStaking.sol::186 => rJoe.transfer(_to, _amount);

Tools used

Manual analysis c4udit
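As an added illustration (not code from the finding, the audited Trader Joe repository, or the warden), the contracts below show the failure mode side by side with a hardened variant. `FalseReturningToken`, `UnsafeVault`, `SafeVault` and the `SafeTransfer` library are all constructed for this example; `UnsafeVault.withdraw` mirrors the unchecked `token.transfer(...)` pattern in the findings, while `SafeTransfer` wraps the call so that a `false` return, a revert, or a call to a non-contract address all revert instead of silently succeeding. The helper goes slightly beyond the finding by also accepting tokens that return no data at all, which is the other common non-standard behaviour a raw `bool` check would break on.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC20 surface needed for this example.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Constructed test token: signals failure by returning false instead of reverting,
// which is exactly the behaviour the finding warns about.
contract FalseReturningToken is IERC20 {
    mapping(address => uint256) public balanceOf;

    constructor() { balanceOf[msg.sender] = 1_000; }

    function transfer(address to, uint256 amount) external override returns (bool) {
        if (balanceOf[msg.sender] < amount) return false; // no revert on failure
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }

    function transferFrom(address, address, uint256) external pure override returns (bool) {
        return false; // always "fails", but never reverts
    }
}

// Vulnerable pattern (constructed): internal accounting is updated and the return
// value of transfer() is discarded, so a false return leaves the user with a reduced
// balance record and no tokens.
contract UnsafeVault {
    IERC20 public immutable token;
    mapping(address => uint256) public deposited;

    constructor(IERC20 _token) { token = _token; }

    function credit(address user, uint256 amount) external { deposited[user] += amount; }

    function withdraw(uint256 amount) external {
        deposited[msg.sender] -= amount;     // accounting changes ...
        token.transfer(msg.sender, amount);  // ... even if this returns false
    }
}

// Hardened helper (constructed; same idea as OpenZeppelin's SafeERC20):
// revert unless the call succeeded AND (no return data OR the returned bool is true).
library SafeTransfer {
    function _callAndCheck(IERC20 token, bytes memory data) private {
        // A call to an address without code returns success with empty data,
        // so require that the target is actually a contract.
        require(address(token).code.length > 0, "SafeTransfer: not a contract");
        (bool ok, bytes memory ret) = address(token).call(data);
        require(ok, "SafeTransfer: call reverted");
        // Tokens that return nothing are accepted; tokens that return a bool must return true.
        require(ret.length == 0 || abi.decode(ret, (bool)), "SafeTransfer: returned false");
    }

    function safeTransfer(IERC20 token, address to, uint256 amount) internal {
        _callAndCheck(token, abi.encodeWithSelector(token.transfer.selector, to, amount));
    }

    function safeTransferFrom(IERC20 token, address from, address to, uint256 amount) internal {
        _callAndCheck(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, amount));
    }
}

// Hardened vault (constructed): identical logic, but a failed transfer reverts the
// whole transaction, so the accounting update is rolled back with it.
contract SafeVault {
    using SafeTransfer for IERC20;

    IERC20 public immutable token;
    mapping(address => uint256) public deposited;

    constructor(IERC20 _token) { token = _token; }

    function credit(address user, uint256 amount) external { deposited[user] += amount; }

    function withdraw(uint256 amount) external {
        deposited[msg.sender] -= amount;
        token.safeTransfer(msg.sender, amount); // reverts on false / revert / non-contract
    }
}
```

To see the difference, deploy `FalseReturningToken`, point both vaults at it, credit an account in each without funding the vaults, and call `withdraw`: `UnsafeVault` succeeds and leaves `deposited` reduced while no tokens move, whereas `SafeVault` reverts with `SafeTransfer: returned false` and the state is unchanged. The same helper pattern applies to the `transferFrom` call in `RocketJoeFactory.sol` listed above.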

cryptofish7 commented 2 years ago

Duplicate of #232

dmvt commented 2 years ago

duplicate of #198