Closed code423n4 closed 1 year ago
https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/gateway/L1GraphTokenGateway.sol#L235 https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/gateway/L1GraphTokenGateway.sol#L276
The smart contract doesn’t check the return value of token.transferFrom(), some erc20 token might not revert in case of error but return false.
as seen in several contests, for ex: https://code4rena.com/reports/2021-06-tracer/#m-02-no-check-transferfrom-return-value https://code4rena.com/reports/2021-06-pooltogether/#m-02-return-values-of-erc20-transfer-and-transferfrom-are-unchecked
Visual inspection
Recommend wrapping the call into a require() or using openzeppelin’s SafeERC20 library.
Lines of code
https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/gateway/L1GraphTokenGateway.sol#L235 https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/gateway/L1GraphTokenGateway.sol#L276
Vulnerability details
Impact
The smart contract doesn’t check the return value of token.transferFrom(), some erc20 token might not revert in case of error but return false.
Proof of Concept
as seen in several contests, for ex: https://code4rena.com/reports/2021-06-tracer/#m-02-no-check-transferfrom-return-value https://code4rena.com/reports/2021-06-pooltogether/#m-02-return-values-of-erc20-transfer-and-transferfrom-are-unchecked
Tools Used
Visual inspection
Recommended Mitigation Steps
Recommend wrapping the call into a require() or using openzeppelin’s SafeERC20 library.