Handle
Tomio
Vulnerability details
Impact
In https://github.com/code-423n4/2022-01-trader-joe/blob/main/contracts/RocketJoeFactory.sol#L98 the user can create a launch event and provide `_token` to the launch event contract. However, some tokens behave differently when handling a failed `transfer` or `transferFrom`: rather than reverting the transaction, they return `false`. At https://github.com/code-423n4/2022-01-trader-joe/blob/main/contracts/RocketJoeFactory.sol#L133 the return value is ignored, even though the token's `transferFrom` might signal a failed transfer by returning `false`. To fix this issue, use SafeERC20, because it not only handles the `false` return value but also handles tokens that do not comply with ERC20.
Proof of Concept
https://github.com/code-423n4/2022-01-trader-joe/blob/main/contracts/RocketJoeFactory.sol#L133
Tools Used
Manual review
Recommended Mitigation Steps