berndartmueller
commented
2 years ago As only WETH (wrapped ETH) is transferred and WETH is a known ERC-20 token contract, there is no need for safeTransfer.
Closed code423n4 closed 2 years ago
berndartmueller
commented
2 years ago As only WETH (wrapped ETH) is transferred and WETH is a known ERC-20 token contract, there is no need for safeTransfer.
outdoteth
commented
2 years ago echo what @berndartmueller said
Lines of code
https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L336
Vulnerability details
Description
The return value of an external transfer/transferFrom call is not checked
Impact
There are some tokens that do not revert on failure but return false instead, if such token is used, the return value won't be checked and the function won't revert even if the transfer fails. Therefore it is recommended to ensure the return value of transfer is checked.
Link to code
https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L336
Tools Used
Slither
Recommended Mitigation Steps
Use
SafeERC20, or ensure that the transfer/transferFrom return value is checked.