Open code423n4 opened 2 years ago
Very true! This is a good one. Good catch!
In the released candidate contract, all transfer and transferFrom calls are done using the standard IERC20 interface, assuming the XDEFI token contract will revert on a failure. See the mainnet XDEFI token contract, lines 258 and 259 in the ERC20.sol contract code.
Specifically, this is now done in:
- emergencyUnlock (which is new)
- unlock
- unlockBatch
- _lock
- _relock
good finding!
Handle
0xsanson
Vulnerability details
Impact
Throughout the code the safe functions safeTransfer and safeTransferFrom are used when dealing with XDEFI. Isn't this token a standard ERC20? I believe the normal ERC20 transfer functions can be used. The advantage is gaining some 100s of gas otherwise spent in unneeded logic.
Proof of Concept
grep safeT *.sol
Recommended Mitigation Steps
Consider removing the SafeERC20 library.
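As an added illustration of the trade-off behind this finding (example code, not the XDEFI contest repository's contract and not the sponsor's fix), the two call styles are shown side by side: a locker that wraps every token call in SafeERC20, and a locker that calls the IERC20 functions directly and only checks the returned bool. A constructed token whose transfer functions return no data (the non-standard ABI some deployed tokens use) shows the one case the plain call cannot handle, which is why the sponsor's precondition, that the XDEFI token reverts on failure and follows the standard bool-returning ABI, matters. Contract and function names are hypothetical, and the OpenZeppelin import paths assume OpenZeppelin Contracts v4 or later is installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the XDEFI contract. Assumes OpenZeppelin Contracts is installed.
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Locker that wraps every token call with SafeERC20 (the pattern the finding flags).
contract LockerSafe {
    using SafeERC20 for IERC20;

    IERC20 public immutable token;
    mapping(address => uint256) public locked;

    constructor(IERC20 token_) {
        token = token_;
    }

    function lock(uint256 amount) external {
        // safeTransferFrom does a low-level call and reverts if the call fails or if
        // the token returned data that does not decode to `true`. It tolerates tokens
        // that return nothing at all, at the cost of the extra call/decode logic.
        token.safeTransferFrom(msg.sender, address(this), amount);
        locked[msg.sender] += amount;
    }

    function unlock(uint256 amount) external {
        locked[msg.sender] -= amount;
        token.safeTransfer(msg.sender, amount);
    }
}

/// Locker that calls the IERC20 functions directly (the cheaper pattern the finding
/// recommends). Correct only when the token either reverts on failure or honestly
/// returns `false`: the `require` catches a `false`, and the compiler's ABI decoding
/// reverts when the token returns no data, so a no-return token cannot be used here.
contract LockerPlain {
    IERC20 public immutable token;
    mapping(address => uint256) public locked;

    constructor(IERC20 token_) {
        token = token_;
    }

    function lock(uint256 amount) external {
        // Keeping the require costs only a few gas and still guards against a token
        // that returns false instead of reverting.
        require(token.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        locked[msg.sender] += amount;
    }

    function unlock(uint256 amount) external {
        locked[msg.sender] -= amount;
        require(token.transfer(msg.sender, amount), "transfer failed");
    }
}

/// Constructed non-standard token whose transfer functions return no value.
/// It reverts on insufficient balance or allowance (checked arithmetic under ^0.8),
/// so it is "safe" in the sponsor's sense but does not match the IERC20 ABI.
contract NoReturnToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    constructor(uint256 supply) {
        balanceOf[msg.sender] = supply;
    }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function transfer(address to, uint256 amount) external {
        _move(msg.sender, to, amount);
    }

    function transferFrom(address from, address to, uint256 amount) external {
        allowance[from][msg.sender] -= amount; // reverts if allowance is too low
        _move(from, to, amount);
    }

    function _move(address from, address to, uint256 amount) internal {
        balanceOf[from] -= amount; // reverts on insufficient balance, like OZ ERC20
        balanceOf[to] += amount;
    }
}
```

Deploy `NoReturnToken`, approve each locker, and pass the token as `IERC20(address(noReturnToken))` to both constructors: `LockerSafe.lock` succeeds, while `LockerPlain.lock` reverts because the generated call expects 32 bytes of return data and receives none. Against an OpenZeppelin-style ERC20 that reverts inside `_transfer` (the XDEFI behaviour the sponsor points to at ERC20.sol lines 258 and 259), both lockers succeed and `LockerPlain` saves the SafeERC20 overhead; `forge test --gas-report` on two otherwise identical tests is a quick way to put a number on the saving for the token actually in use.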