Closed code423n4 closed 2 years ago
Lines of code
https://github.com/code-423n4/2022-05-factorydao/blob/main/contracts/MerkleVesting.sol#L173

Vulnerability details

Impact
MerkleVesting.sol#L173:
    tree.tokenBalance -= currentWithdrawal;
    IERC20(tree.tokenAddress).transfer(destination, currentWithdrawal);
In case of a failed transfer here, it does not check the return value of transfer. It updates the tree balance without transferring the tokens, and causes loss.

Proof of Concept
MerkleVesting.sol#L173

Recommended Mitigation Steps
Use OpenZeppelin's SafeERC20 safeTransfer instead of transfer; it handles the return value check as well as non-standard-compliant tokens.
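Added illustration, not code from this finding or from the FactoryDAO repository: a hypothetical vesting withdrawal with the unchecked transfer next to the SafeERC20 version, plus a constructed token that reports failure by returning false, the case the finding describes. Contract and function names (VestingBase, VestingUnchecked, VestingChecked, FalseReturningToken, addTree, withdraw) are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Constructed token for the demonstration: transfer() signals failure by
// returning false instead of reverting, and moves no balance at all.
contract FalseReturningToken {
    function transfer(address, uint256) external pure returns (bool) {
        return false;
    }
}

// Hypothetical storage shaped like the finding; access control and the Merkle proof are omitted.
abstract contract VestingBase {
    struct Tree { address tokenAddress; uint256 tokenBalance; }
    mapping(uint256 => Tree) public trees;
    function addTree(uint256 id, address token, uint256 balance) external {
        trees[id] = Tree(token, balance);
    }
}

// Vulnerable pattern: the bool returned by transfer() is discarded, so a false
// return leaves tokenBalance reduced while the destination received nothing.
contract VestingUnchecked is VestingBase {
    function withdraw(uint256 id, address destination, uint256 amount) external {
        Tree storage tree = trees[id];
        tree.tokenBalance -= amount;
        IERC20(tree.tokenAddress).transfer(destination, amount);
    }
}

// Fixed pattern: safeTransfer reverts when the call fails, when the token
// returns false, or when a non-standard token returns no data, so the
// balance update is rolled back together with the failed transfer.
contract VestingChecked is VestingBase {
    using SafeERC20 for IERC20;
    function withdraw(uint256 id, address destination, uint256 amount) external {
        Tree storage tree = trees[id];
        tree.tokenBalance -= amount;
        IERC20(tree.tokenAddress).safeTransfer(destination, amount);
    }
}
```

With a FalseReturningToken registered via addTree, withdraw on VestingUnchecked succeeds and decrements tokenBalance although no tokens moved, while the same call on VestingChecked reverts and leaves the balance untouched.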
Duplicate #27
Re-closing as duplicate.