Closed code423n4 closed 2 years ago
duplicate of #130
Hi guys. I have the same in my QA report (on top) - https://github.com/code-423n4/2022-05-factorydao-findings/issues/236 I believe this one is also in other wardens' submissions. Looks like it's somehow missed. @gititGoro @JeeberC4
Judge has assessed an item in Issue #94 as High risk. The relevant finding follows:
2. Return values of `transfer()`/`transferFrom()` not checked

Not all `IERC20` implementations `revert()` when there's a failure in `transfer()`/`transferFrom()`. The function signature has a `boolean` return value and they indicate errors that way instead. By not checking the return value, operations that should have been marked as failed may potentially go through without actually making a payment.

https://github.com/code-423n4/2022-05-factorydao/blob/e22a562c01c533b8765229387894cc0cb9bed116/contracts/MerkleVesting.sol#L173
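
The pattern described in the finding, shown as an added example that is not code from the audited repository: `PayoutExample`, its `owed` mapping, `admin` and all function names are hypothetical and constructed for illustration. The unchecked withdrawal sits beside a checked form that also accepts tokens returning no data.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical payout contract, constructed for illustration only.
contract PayoutExample {
    IERC20 public immutable token;
    address public immutable admin;
    mapping(address => uint256) public owed;

    constructor(IERC20 _token) {
        token = _token;
        admin = msg.sender;
    }

    function credit(address who, uint256 amount) external {
        require(msg.sender == admin, "not admin");
        owed[who] += amount;
    }

    // Unchecked: if the token returns false instead of reverting,
    // the debt is cleared although no tokens were moved.
    function withdrawUnchecked() external {
        uint256 amount = owed[msg.sender];
        owed[msg.sender] = 0;
        token.transfer(msg.sender, amount); // return value ignored
    }

    // Checked: a failed transfer reverts, which also restores owed[msg.sender].
    function withdrawChecked() external {
        uint256 amount = owed[msg.sender];
        owed[msg.sender] = 0;
        _safeTransfer(msg.sender, amount);
    }

    // Low-level call so that tokens returning no data are accepted,
    // while a returned `false` or a reverted call is treated as failure.
    function _safeTransfer(address to, uint256 amount) private {
        require(address(token).code.length > 0, "token is not a contract");
        (bool ok, bytes memory data) = address(token).call(
            abi.encodeWithSelector(IERC20.transfer.selector, to, amount)
        );
        require(ok && (data.length == 0 || abi.decode(data, (bool))), "transfer failed");
    }
}
```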