code-423n4 / 2022-04-jpegd-findings


Unhandled return value from transfer() and transferFrom() in JpegStaking.sol #125

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-04-jpegd/blob/e72861a9ccb707ced9015166fbded5c97c6991b6/contracts/staking/JPEGStaking.sol#L34 https://github.com/code-423n4/2022-04-jpegd/blob/e72861a9ccb707ced9015166fbded5c97c6991b6/contracts/staking/JPEGStaking.sol#L52

Vulnerability details

Impact

The return values of ERC20(token).transfer() and ERC20(token).transferFrom() should be checked, since they indicate whether the given token transfer succeeded or failed.

Proof of Concept

```solidity
function stake(uint256 _amount) external {
    require(_amount > 0, "invalid_amount");

    // Return value of transferFrom() is ignored
    jpeg.transferFrom(msg.sender, address(this), _amount);

    _mint(msg.sender, _amount);

    emit Stake(msg.sender, _amount);
}

/// @notice Allows users to unstake `_amount` of JPEG
/// @dev Emits an {Unstake} event
/// @param _amount The amount of JPEG to unstake
function unstake(uint256 _amount) external nonReentrant {
    require(
        _amount > 0 && _amount <= balanceOf(msg.sender),
        "invalid_amount"
    );

    _burn(msg.sender, _amount);

    // Return value of transfer() is ignored
    jpeg.transfer(msg.sender, _amount);

    emit Unstake(msg.sender, _amount);
}
```

Tools Used

manual review

Recommended Mitigation Steps

Use the safeTransfer() and safeTransferFrom() methods from the OpenZeppelin library.

spaghettieth commented 2 years ago

Duplicate of #221

dmvt commented 2 years ago

Invalid. Sponsor wrote the code for the token (and it is included in this contest) so they know that it functions correctly.