code-423n4 / 2022-02-concur-findings


QA Report #145

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-02-concur/blob/72b5216bfeaa7c52983060ebfc56e72e0aa8e3b0/contracts/ConvexStakingWrapper.sol#L182

Vulnerability details

Impact

There are calls to ERC20 transfer, where safeTransfer should be used instead. Some ERC20 compliant tokens may not revert on failure and instead return false. The use of safeTransfer will mitigate this issue. For more reference, see this medium severity finding of the same issue on a previous C4 contest: https://github.com/code-423n4/2021-11-bootfinance-findings/issues/31.

Proof of Concept

See example of unchecked transfer here.

Tools Used

Inspection.

Recommended Mitigation Steps

Use safeTransfer instead of transfer.

r2moon commented 2 years ago

https://github.com/code-423n4/2022-02-concur-findings/issues/263

GalloDaSballo commented 2 years ago

Dup of https://github.com/code-423n4/2022-02-concur-findings/issues/165

JeeberC4 commented 2 years ago

Generating QA Report as warden did not have one and judge downgraded issue. Preserving original title: Unchecked transfers

GalloDaSballo commented 2 years ago

1 finding