c4-judge
commented
1 year ago Picodes marked the issue as duplicate of #329
Closed c4-judge closed 1 year ago
c4-judge
commented
1 year ago Picodes marked the issue as duplicate of #329
c4-judge
commented
1 year ago Picodes marked the issue as unsatisfactory: Out of scope
Judge has assessed an item in Issue #163 as M risk. The relevant finding follows:
TOKEN TRANSFERS DO NOT VERIFY THAT THE TOKENS WERE SUCCESSFULLY TRANSFERRED Some tokens (like zrx) do not revert the transaction when the transfer/transferfrom fails and return false, which requires us to check the return value after calling the transfer/transferfrom function.
Use SafeERC20’s safeTransfer/safeTransferFrom functions
function deposit(address _recipient, uint256 _amount) external override nonReentrant returns (uint256) { uint256 _fee = (_amount * depositFee) / FEE_DENOMINATOR; if (depositFee > 0) { require(_fee > 0, "fee = 0"); } else { require(_amount > 0, "amount = 0"); } baseToken.transferFrom(msg.sender, address(this), _amount);