Lines of code
https://github.com/code-423n4/2022-05-rubicon/blob/8c312a63a91193c6a192a9aab44ff980fbfd7741/contracts/peripheral_contracts/BathBuddy.sol#L114-L116
Vulnerability details
Impact
Not checking the return value from transfer means that some ERC20 implementations, which return false instead of reverting when a transfer fails, will not move the tokens, yet _erc20Released will still be incremented. The contract's released-amount accounting then diverges from the token balances that actually changed hands.
Tools Used
Manual analysis
Recommended Mitigation Steps
Use the SafeERC20 library from OpenZeppelin for token transfers.
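The following is an added illustration of the issue and its fix; it is not the Rubicon code from BathBuddy.sol. It uses a hypothetical release function and a constructed mock token (FalseReturningToken) that signals failure by returning false rather than reverting, which is the token behaviour the finding is about. The unchecked version increments _erc20Released even though no tokens moved; the SafeERC20 version reverts, so the counter and the real balances stay consistent.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Hypothetical vesting-style release logic (assumption: not the project's code).
/// Mirrors the pattern in the finding: transfer, then bump _erc20Released.
contract UncheckedRelease {
    mapping(address => uint256) public _erc20Released;

    function release(IERC20 token, address beneficiary, uint256 amount) external {
        // BUG: the bool returned by transfer() is ignored. A token that returns
        // false on failure leaves the beneficiary unpaid while the line below
        // still records the amount as released.
        token.transfer(beneficiary, amount);
        _erc20Released[address(token)] += amount;
    }
}

/// Same logic hardened with OpenZeppelin's SafeERC20, as the mitigation recommends.
contract CheckedRelease {
    using SafeERC20 for IERC20;

    mapping(address => uint256) public _erc20Released;

    function release(IERC20 token, address beneficiary, uint256 amount) external {
        // safeTransfer reverts if the call fails, if the token returns false,
        // and it also tolerates tokens that return no data at all. The counter
        // is therefore only updated when the transfer really succeeded.
        token.safeTransfer(beneficiary, amount);
        _erc20Released[address(token)] += amount;
    }
}

/// Constructed mock used only to exercise the two contracts above.
/// It never moves balances and always returns false from transfer().
contract FalseReturningToken {
    mapping(address => uint256) public balanceOf;

    function transfer(address, uint256) external pure returns (bool) {
        return false; // failure is signalled, never reverted
    }
}

/// Constructed demonstration harness: compare both paths against the mock.
contract Demo {
    UncheckedRelease public unchecked_ = new UncheckedRelease();
    CheckedRelease public checked_ = new CheckedRelease();
    FalseReturningToken public token = new FalseReturningToken();

    /// Returns the amount the unchecked contract *claims* to have released.
    /// With the mock this is 100 even though no balance changed.
    function uncheckedResult() external returns (uint256) {
        unchecked_.release(IERC20(address(token)), address(this), 100);
        return unchecked_._erc20Released(address(token));
    }

    /// Returns true if the hardened contract correctly refused to record
    /// the failed transfer (the call reverts and is caught here).
    function checkedRejects() external returns (bool) {
        try checked_.release(IERC20(address(token)), address(this), 100) {
            return false; // would indicate the bug is still present
        } catch {
            return checked_._erc20Released(address(token)) == 0;
        }
    }
}
```

Calling Demo.uncheckedResult() returns 100 with the mock token while the beneficiary's balance stays zero, which is exactly the accounting drift described in the finding; Demo.checkedRejects() returns true because safeTransfer reverted before the counter was touched. The same SafeERC20 pattern should be applied to transferFrom and approve call sites, since they share the inconsistent-return-value problem across ERC20 implementations.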