function deposit(uint poolId, uint amount) external {
Pool storage pool = pools[poolId];
require(pool.id == poolId, 'Uninitialized pool');
require(block.timestamp > pool.startTime, 'Cannot deposit before pool start');
require(block.timestamp < pool.endTime, 'Cannot deposit after pool ends');
require(pool.totalDepositsWei < pool.maximumDepositWei, 'Maximum deposit already reached');
if (pool.totalDepositsWei + amount > pool.maximumDepositWei) {
amount = pool.maximumDepositWei - pool.totalDepositsWei;
}
pool.totalDepositsWei += amount;
pool.numReceipts++;
Receipt storage receipt = pool.receipts[pool.numReceipts];
receipt.id = pool.numReceipts;
receipt.amountDepositedWei = amount;
receipt.timeDeposited = block.timestamp;
receipt.owner = msg.sender;
bool success = IERC20(pool.depositToken).transferFrom(msg.sender, address(this), amount);
require(success, 'Token transfer failed');
emit DepositOccurred(poolId, pool.numReceipts, msg.sender);
}
if pool.depositToken === <USDT_ADDRESS> this function will revert because transferFrom of usdt does'nt return anything. and IERC20.transferFrom want a boolean.
Use OpenZeppelin’s SafeERC20 safeTransfer/safeTransferFrom instead of transfer/transferFrom that handles the return value check as well as non-standard-compliant tokens.
Lines of code
https://github.com/code-423n4/2022-05-factorydao/blob/main/contracts/PermissionlessBasicPoolFactory.sol#L198
Vulnerability details
Impact
PermissionlessBasicPoolFactory.sol Consider this function:
if
pool.depositToken === <USDT_ADDRESS>
this function will revert becausetransferFrom
of usdt does'nt return anything. andIERC20.transferFrom
want aboolean
.other places with same problem:
Recommended Mitigation Steps
Use OpenZeppelin’s SafeERC20
safeTransfer/safeTransferFrom
instead oftransfer/transferFrom
that handles the return value check as well as non-standard-compliant tokens.