code-423n4 / 2022-08-fiatdao-findings


use call instead of transfer when sending eth #298

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-08-fiatdao/blob/fece3bdb79ccacb501099c24b60312cd0b2e4bb2/contracts/VotingEscrow.sol#L546
https://github.com/code-423n4/2022-08-fiatdao/blob/fece3bdb79ccacb501099c24b60312cd0b2e4bb2/contracts/VotingEscrow.sol#L657

Vulnerability details

Impact

Transaction may fail and funds may be lost.

Proof of Concept

(https://github.com/code-423n4/2022-08-fiatdao/blob/fece3bdb79ccacb501099c24b60312cd0b2e4bb2/contracts/VotingEscrow.sol#L657)

Tools Used

Recommended Mitigation Steps

Use call.

lacoop6tu commented 2 years ago

We don't send ETH but use transfer, which returns a bool to confirm if the transaction went ok.

elnilz commented 2 years ago

Note, we use a Balancer LP token (BPT) as the token accepted for locking in veFDT.

gititGoro commented 2 years ago

There are no payable functions. This should indicate no use of ETH. Marking invalid.
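The thread turns on two different things both called `transfer`: the native-ETH `address.transfer` the warden had in mind, and the ERC20 `transfer` that VotingEscrow actually uses for the BPT token. The following is an added example, not code from the fiatdao repository; the contract and interface names (`EthVault`, `TokenEscrow`, `IERC20`, `lockedToken`) are hypothetical and chosen only to put the two patterns side by side.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC20 surface needed below (hypothetical interface for this example).
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Case 1: native ETH. address.transfer forwards a fixed 2300 gas stipend and
// reverts on failure, so a recipient contract whose receive() needs more gas
// can never withdraw. call{value: ...} forwards remaining gas and returns a bool
// the caller must check. This is the finding's point, and it is only relevant
// when the contract can hold ETH at all, i.e. when it has payable functions.
contract EthVault {
    mapping(address => uint256) public balances;
    receive() external payable {
        balances[msg.sender] += msg.value;
    }
    function withdrawWithTransfer() external {
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0;
        payable(msg.sender).transfer(amount); // fails for recipients needing > 2300 gas
    }
    function withdrawWithCall() external {
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0; // update state before the external call
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "ETH transfer failed");
    }
}

// Case 2: an ERC20 token (as with the BPT locked in veFDT). No ETH moves, so
// address.transfer vs. call does not apply; success is confirmed by checking
// the bool that the token's own transfer/transferFrom return.
contract TokenEscrow {
    IERC20 public immutable lockedToken;
    mapping(address => uint256) public locked;
    constructor(IERC20 token) { lockedToken = token; }
    function lock(uint256 amount) external {
        locked[msg.sender] += amount;
        require(lockedToken.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
    }
    function unlock() external {
        uint256 amount = locked[msg.sender];
        locked[msg.sender] = 0;
        require(lockedToken.transfer(msg.sender, amount), "transfer failed");
    }
}
```

Some ERC20 tokens return no bool at all, so production code usually wraps these calls in a SafeERC20-style helper rather than a bare `require`.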