Closed code423n4 closed 2 years ago
https://github.com/skalenetwork/ima-c4-audit/blob/11d6a6ae5bf16af552edd75183791375e501915f/contracts/mainnet/DepositBoxes/DepositBoxERC20.sol#L118
The transferred amount is saved without checking the actual amount of tokens received after the transfer.
```solidity
_saveTransferredAmount(schainHash, erc20OnMainnet, amount);
require(
    ERC20Upgradeable(erc20OnMainnet).transferFrom(
        msg.sender,
        address(this),
        amount
    ),
    "Transfer was failed"
);
```
Check before and after balance
Duplicate and disputed of #42
Dup of #50
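The before-and-after balance check recommended in the report, sketched as an added example; this is not code from the SKALE IMA repository. `IERC20Minimal`, `FeeToken`, `BalanceCheckedDepositBox`, `depositERC20` and the `transferredAmount` mapping are hypothetical names, and `FeeToken` is a constructed mock that keeps 1% of each transfer so the difference between requested and received amounts can be observed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20Minimal {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Constructed test token: burns 1% of every transfer (fee-on-transfer behaviour).
contract FeeToken is IERC20Minimal {
    mapping(address => uint256) public override balanceOf;
    constructor() { balanceOf[msg.sender] = 1_000_000; }
    // Allowance checks omitted: this mock only exists to exercise the deposit box.
    function transferFrom(address from, address to, uint256 amount) external override returns (bool) {
        balanceOf[from] -= amount;
        balanceOf[to] += amount - amount / 100;
        return true;
    }
}

// Hypothetical deposit box (assumption, not the audited contract).
contract BalanceCheckedDepositBox {
    // schainHash => token => amount this contract actually received
    mapping(bytes32 => mapping(address => uint256)) public transferredAmount;
    bool private locked;

    // A balance-difference measurement is only sound if the token cannot
    // re-enter the deposit function while the measurement is in progress.
    modifier nonReentrant() {
        require(!locked, "Reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function depositERC20(bytes32 schainHash, address erc20OnMainnet, uint256 amount)
        external nonReentrant returns (uint256 received)
    {
        IERC20Minimal token = IERC20Minimal(erc20OnMainnet);
        uint256 balanceBefore = token.balanceOf(address(this));
        require(token.transferFrom(msg.sender, address(this), amount), "Transfer was failed");
        // Measure what arrived instead of trusting the requested amount.
        received = token.balanceOf(address(this)) - balanceBefore;
        require(received > 0, "Nothing received");
        // Record (and relay to the other chain) the received amount only.
        transferredAmount[schainHash][erc20OnMainnet] += received;
    }
}
```

Any cross-chain message built from the deposit should carry `received` rather than `amount`, otherwise the other chain credits more than the deposit box holds.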