code-423n4 / 2022-01-trader-joe-findings


transferFrom return value unchecked #315

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

hack3r-0m

Vulnerability details

https://github.com/code-423n4/2022-01-trader-joe/blob/main/contracts/RocketJoeFactory.sol#L133

createRJLaunchEvent is followed by initialization of the launch event; the balance of the launch event address is what is supplied by the above-mentioned safe transfer call.

According to EIP20, transferFrom returns a boolean:

function transferFrom(address _from, address _to, uint256 _value) public returns (bool success)

If it returns false, the value is not checked and execution continues; this results in the launch event being created successfully.

And it is harmful because the same factory cannot ever create a launch event for the same token again.

Tools Used

Manual Review

Recommended Mitigation Steps

Use SafeTransfer or TransferHelper
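The failure mode described in this report, as an added example that is not part of the original submission or the Trader Joe code base: a constructed token that returns false on failure, and a hypothetical factory (`EventFactorySketch`, all names assumed) showing the unchecked call next to a checked low-level call.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function transferFrom(address from, address to, uint256 value) external returns (bool);
}

// Constructed token: signals failure by returning false instead of reverting,
// which EIP-20 permits.
contract FalseReturningToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    function transferFrom(address from, address to, uint256 value) external returns (bool) {
        if (balanceOf[from] < value || allowance[from][msg.sender] < value) return false;
        balanceOf[from] -= value;
        allowance[from][msg.sender] -= value;
        balanceOf[to] += value;
        return true;
    }
}

// Hypothetical factory (not RocketJoeFactory) with a one-event-per-token registry.
contract EventFactorySketch {
    mapping(address => address) public eventForToken;

    // Unchecked: a false return is ignored, so the registry entry is written
    // even though `launchEvent` received no tokens.
    function createUnchecked(address token, address launchEvent, uint256 amount) external {
        require(eventForToken[token] == address(0), "event exists");
        IERC20(token).transferFrom(msg.sender, launchEvent, amount);
        eventForToken[token] = launchEvent;
    }

    // Checked: reverts when the call fails or returns false;
    // empty return data is accepted for tokens that return nothing.
    function createChecked(address token, address launchEvent, uint256 amount) external {
        require(eventForToken[token] == address(0), "event exists");
        (bool ok, bytes memory data) = token.call(
            abi.encodeWithSelector(IERC20.transferFrom.selector, msg.sender, launchEvent, amount)
        );
        require(ok && (data.length == 0 || abi.decode(data, (bool))), "transferFrom failed");
        eventForToken[token] = launchEvent;
    }
}
```

A low-level call to an address with no code also reports success, so a production helper additionally checks that the token address is a contract.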

cryptofish7 commented 2 years ago

Duplicate of #232

dmvt commented 2 years ago

duplicate of #198