Unchecked Return Value for IERC20.transfer & IERC20.transferFrom call
It is good practice to add a require() statement that checks the return value of token transfers, or to use something like OpenZeppelin’s safeTransfer/safeTransferFrom, unless one is sure the given token reverts on failure. Failing to do so lets transfers fail silently and affects token accounting in the contract.
Lines of code
https://github.com/code-423n4/2022-07-swivel/blob/main/Swivel/Swivel.sol#L359
Vulnerability details
Instances:
File: Swivel.sol - Link
Reference:
A similar medium-severity finding appears in the Consensys Diligence audit of Fei Protocol.
Recommended Mitigation Steps:
Consider using safeTransfer/safeTransferFrom or require() consistently.
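
The three patterns named above, side by side, as an added example that is not code from Swivel.sol or from the original report. The contract `DepositExample`, its functions and the minimal `IERC20` interface are hypothetical, and `_safeTransferFrom` is a hand-written helper in the style of a safeTransferFrom wrapper, not OpenZeppelin's own code.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Minimal interface for this example (assumption: only transferFrom is needed).
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical contract for illustration only.
contract DepositExample {
    IERC20 public immutable token;
    mapping(address => uint256) public balanceOf;

    constructor(IERC20 _token) {
        token = _token;
    }

    // Unchecked: if the token signals failure by returning false instead of
    // reverting, the deposit is still credited and accounting drifts.
    function depositUnchecked(uint256 amount) external {
        token.transferFrom(msg.sender, address(this), amount);
        balanceOf[msg.sender] += amount;
    }

    // require(): catches a false return, but the high-level call reverts while
    // decoding the result for tokens that return no data at all.
    function depositRequire(uint256 amount) external {
        require(token.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        balanceOf[msg.sender] += amount;
    }

    // Safe wrapper: accepts "returned true" and "returned nothing", rejects
    // a revert, a false return, and a target address without code.
    function depositSafe(uint256 amount) external {
        _safeTransferFrom(msg.sender, address(this), amount);
        balanceOf[msg.sender] += amount;
    }

    function _safeTransferFrom(address from, address to, uint256 amount) private {
        // A low-level call to an address without code succeeds, so check first.
        require(address(token).code.length > 0, "token is not a contract");
        (bool ok, bytes memory ret) = address(token).call(
            abi.encodeWithSelector(IERC20.transferFrom.selector, from, to, amount)
        );
        require(ok && (ret.length == 0 || abi.decode(ret, (bool))), "transferFrom failed");
    }
}
```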