Lines of code
https://github.com/code-423n4/2022-10-thegraph/blob/309a188f7215fa42c745b136357702400f91b4ff/contracts/gateway/L1GraphTokenGateway.sol#L235
Vulnerability details
Impact
Return the bool (success) from the transferFrom call as well as the existing `return abi.encode(seqNum);`, so that an unsuccessful transfer, other than one covered by the params defined, will be known. On some tokens, not checking this return value can cause the operation to go through without a transfer of any assets.
Proof of Concept
https://github.com/code-423n4/2022-10-thegraph/blob/309a188f7215fa42c745b136357702400f91b4ff/contracts/gateway/L1GraphTokenGateway.sol#L235
https://github.com/code-423n4/2022-10-thegraph/blob/309a188f7215fa42c745b136357702400f91b4ff/contracts/gateway/L1GraphTokenGateway.sol#L263
Tools Used
none/static code audit
Recommended Mitigation Steps
Also add the bool return statement as a precautionary measure.