code-423n4 / 2022-06-nested-findings


Using safeTransfer/safeTransferFrom of SafeERC20.sol is recommended #56

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-06-nested/blob/b4a153c943d54755711a2f7b80cbbf3a5bb49d76/contracts/Withdrawer.sol#L27

Vulnerability details

Impact

The ERC20 standard allows the transferFrom/transfer function of some contracts to return bool or return nothing. Using safeTransfer/safeTransferFrom of SafeERC20.sol is recommended instead.

Affected code:

  1. https://github.com/code-423n4/2022-06-nested/blob/b4a153c943d54755711a2f7b80cbbf3a5bb49d76/contracts/Withdrawer.sol#L27

Proof of Concept

Tools Used

Recommended Mitigation Steps
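
The difference the report describes, as an added example that is not part of the original report or of the Nested code base. The contract names (`NoReturnToken`, `FalseReturnToken`, `TransferDemo`) and the pragma are constructed for illustration; `checkedTransfer` writes out by hand the acceptance rule that OpenZeppelin's SafeERC20 applies.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.14;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Constructed test token: transfer() returns no data at all.
contract NoReturnToken {
    mapping(address => uint256) public balanceOf;
    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }
    function transfer(address to, uint256 amount) external {
        balanceOf[msg.sender] -= amount; // reverts on insufficient balance (0.8 checked math)
        balanceOf[to] += amount;
    }
}

// Constructed test token: reports failure by returning false instead of reverting.
contract FalseReturnToken {
    function transfer(address, uint256) external pure returns (bool) {
        return false;
    }
}

contract TransferDemo {
    // Plain call through the interface.
    // - NoReturnToken: reverts even though the token moved the balance,
    //   because the ABI decoder expects 32 bytes of return data.
    // - FalseReturnToken: completes without error; the false result is discarded.
    function uncheckedTransfer(IERC20 token, address to, uint256 amount) external {
        token.transfer(to, amount);
    }

    // Hand-written equivalent of the safeTransfer rule: the target must be a
    // contract, the call must not revert, and any returned data must decode
    // to true. Empty return data is accepted.
    // - NoReturnToken: succeeds (mint to this contract first).
    // - FalseReturnToken: reverts with "transfer returned false".
    function checkedTransfer(IERC20 token, address to, uint256 amount) external {
        require(address(token).code.length > 0, "not a contract");
        (bool ok, bytes memory ret) = address(token).call(
            abi.encodeWithSelector(IERC20.transfer.selector, to, amount)
        );
        require(ok, "transfer reverted");
        require(ret.length == 0 || abi.decode(ret, (bool)), "transfer returned false");
    }
}
```

In a real contract the same behaviour comes from `using SafeERC20 for IERC20;` followed by `token.safeTransfer(to, amount);` rather than a hand-rolled low-level call.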


Yashiru commented 2 years ago

Using safeTransfer/safeTransferFrom of SafeERC20.sol is recommended (Duplicate)

Duplicate of #24 at Use safeTransfer/safeTransferFrom consistently instead of transfer/transferFrom

Disagree with severity, must be a QA.