Closed code423n4 closed 2 years ago
Agree that it would be best to use Safe Erc20 everywhere
Downgraded to low
as the impact is low in this particular context as the token will not be an arbitrary token and even if it reverts, it will not result in any major impact.
Lines of code
https://github.com/code-423n4/2022-04-dualityfocus/blob/f21ef7708c9335ee1996142e2581cb8714a525c9/contracts/vault_and_oracles/UniV3LpVault.sol#L366 https://github.com/code-423n4/2022-04-dualityfocus/blob/f21ef7708c9335ee1996142e2581cb8714a525c9/contracts/vault_and_oracles/FlashLoan.sol#L57 https://github.com/code-423n4/2022-04-dualityfocus/blob/f21ef7708c9335ee1996142e2581cb8714a525c9/contracts/compound_rari_fork/CErc20.sol#L144
Vulnerability details
Impact
Some tokens do not
revert()
on failure and instead returnfalse
. If the caller does not check the return value, accounting that depends on the transferred amounts breaks.Proof of Concept
File: contracts/vault_and_oracles/UniV3LpVault.sol (line 366)
File: contracts/vault_and_oracles/FlashLoan.sol (line 57)
File: contracts/compound_rari_fork/CErc20.sol (line 144)
Tools Used
Code inspection
Recommended Mitigation Steps
Use OpenZeppelin's
safeTransfer()
/safeTransferFrom()