Unchecked token transfer are discouraged since some token return false instead of revert on failure. the L2 transaction
can revert if the callhook reverts. potentially locking the tokens on the bridge if the callhook never succeeds. this might cause problem in the future.
Lines of code
https://github.com/code-423n4/2022-10-thegraph/blob/309a188f7215fa42c745b136357702400f91b4ff/contracts/l2/gateway/L2GraphTokenGateway.sol#L244
Vulnerability details
Impact
Unchecked token transfer are discouraged since some token return false instead of revert on failure. the L2 transaction can revert if the callhook reverts. potentially locking the tokens on the bridge if the callhook never succeeds. this might cause problem in the future.
Proof of Concept
https://github.com/code-423n4/2022-10-thegraph/blob/309a188f7215fa42c745b136357702400f91b4ff/contracts/l2/gateway/L2GraphTokenGateway.sol#L244
Tools Used
Manual review
Recommended Mitigation Steps
ensure the callhook in onTokenTransfer return value is checked.