code-423n4 / 2022-03-sublime-findings


Result of transfer not checked #54

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/sublime-finance/sublime-v1/blob/46536a6d25df4264c1b217bd3232af30355dcb95/contracts/PooledCreditLine/LenderPool.sol#L327

Vulnerability details

Impact

A call to transfer is done without checking the result. For certain ERC20 tokens, if insufficient tokens are present, no revert occurs but a result of "false" is returned. So it's important and also a best practice to check this.

Note that, on almost all occasions in the solution, safeTransfer is used.

Proof of Concept

Use of transfer without result-checking:

LenderPool.sol:327:        IERC20(_borrowAsset).transfer(_to, _fee);

Recommended Mitigation Steps

Always check the result of transfer or use safeTransfer.
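
The following is an added illustration of the finding and its mitigation, written for this page; it is not code from the Sublime repository. FalseReturningToken, FeeCollector and its feeOwed accounting are hypothetical stand-ins for the pool's real state, chosen only to show what goes wrong when the boolean is dropped. The SafeERC20 wrapper is the real OpenZeppelin library.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not Sublime code. OpenZeppelin's IERC20 and SafeERC20 are
// real; FalseReturningToken and FeeCollector are hypothetical.
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Hypothetical token that reports failure by returning false instead of
/// reverting. Some deployed ERC20s behave this way, which is the case the
/// finding describes. Only the two functions the example needs are implemented.
contract FalseReturningToken {
    mapping(address => uint256) public balanceOf;

    // Constructed fixture: seed one holder with an initial balance.
    constructor(address holder, uint256 amount) {
        balanceOf[holder] = amount;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        if (balanceOf[msg.sender] < amount) {
            return false; // no revert: the caller must look at this value
        }
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

/// Hypothetical contract holding fees in a borrow asset, mirroring the shape of
/// the flagged line: IERC20(_borrowAsset).transfer(_to, _fee);
contract FeeCollector {
    using SafeERC20 for IERC20;

    address public immutable borrowAsset;
    uint256 public feeOwed; // hypothetical: fee the pool believes it has set aside

    constructor(address _borrowAsset, uint256 _fee) {
        borrowAsset = _borrowAsset;
        feeOwed = _fee;
    }

    // The pattern from the finding: return value discarded. If the token has
    // less than feeOwed and returns false, feeOwed is zeroed while nothing
    // moved, so the fee is silently lost.
    function withdrawFeeUnchecked(address _to) external {
        uint256 _fee = feeOwed;
        feeOwed = 0;
        IERC20(borrowAsset).transfer(_to, _fee);
    }

    // Mitigation 1: check the boolean explicitly. Adequate for tokens that
    // return a bool, but the high-level call reverts on tokens that return
    // no data at all, because the IERC20 ABI expects a 32-byte return.
    function withdrawFeeChecked(address _to) external {
        uint256 _fee = feeOwed;
        feeOwed = 0;
        require(IERC20(borrowAsset).transfer(_to, _fee), "transfer failed");
    }

    // Mitigation 2: safeTransfer, consistent with the rest of the code base.
    // SafeERC20 uses a low-level call, reverts if the call fails, and only
    // decodes the bool when the token actually returned data, so it covers
    // both false-returning and no-return tokens.
    function withdrawFeeSafe(address _to) external {
        uint256 _fee = feeOwed;
        feeOwed = 0;
        IERC20(borrowAsset).safeTransfer(_to, _fee);
    }
}
```

To reproduce the failure mode, deploy FalseReturningToken with the FeeCollector's address as holder and a balance smaller than the fee, then call each withdraw function from a fresh collector instance: withdrawFeeUnchecked completes and leaves feeOwed at 0 with no tokens received, while withdrawFeeChecked and withdrawFeeSafe revert and keep the accounting intact.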

ritik99 commented 2 years ago

Duplicate of #27