code-423n4 / 2023-04-frankencoin-findings


Results of transferFrom and transfer are not checked. #960

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-04-frankencoin/blob/1022cb106919fba963a89205d3b90bf62543f68f/contracts/Position.sol#L138

Vulnerability details

[M-01] Results of transferFrom and transfer are not checked. It may lead to lost assets if the transfer somehow fails.

Below are some examples:

contracts/Position.sol
138: collateral.transferFrom(msg.sender, address(this), newCollateral - colbal);
228: IERC20(zchf).transferFrom(msg.sender, address(this), amount);
253: IERC20(token).transfer(target, amount);
269: IERC20(collateral).transfer(target, amount);

contracts/MintingHub.sol
108: zchf.transferFrom(msg.sender, address(zchf.reserve()), OPENING_FEE);
110: IERC20(_collateralAddress).transferFrom(msg.sender, address(pos), _initialCollateral);
129: existing.collateral().transferFrom(msg.sender, address(pos), _initialCollateral);
142: IERC20(position.collateral()).transferFrom(msg.sender, address(this), _collateralAmount);
204: zchf.transfer(challenge.bidder, challenge.bid); // return old bid
210: zchf.transferFrom(msg.sender, challenge.challenger, _bidAmountZCHF);
211: challenge.position.collateral().transfer(msg.sender, challenge.size);
225: zchf.transferFrom(msg.sender, address(this), _bidAmountZCHF);
263: IERC20(zchf).transfer(challenge.bidder, challenge.bid - effectiveBid);
268: zchf.transfer(owner, effectiveBid - fundsNeeded);
272: zchf.transfer(challenge.challenger, reward); // pay out the challenger reward
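As an added illustration, not code from the Frankencoin repository or from the warden's submission, the pattern the finding describes beside a hardened form: a minimal helper that treats a revert, a returned `false`, or a call to an address with no code as failure, while still accepting tokens that return no boolean at all. Contract, library and function names are placeholders.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC20 surface needed here (placeholder, not the project's interface).
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Pattern flagged in the finding: a token that signals failure by returning
// false instead of reverting leaves the accounting updated with no tokens moved.
contract UncheckedDeposit {
    IERC20 public immutable token;
    mapping(address => uint256) public balance;
    constructor(IERC20 _token) { token = _token; }
    function deposit(uint256 amount) external {
        token.transferFrom(msg.sender, address(this), amount); // return value ignored
        balance[msg.sender] += amount;
    }
}

// Hardened form: make the call at low level and treat a revert, a returned
// false, or a target with no code as failure. Tokens that return no data at
// all (non-standard ERC20s) are accepted when the call itself succeeds.
library SafeTransfer {
    function _callAndCheck(IERC20 token, bytes memory data, string memory what) private {
        require(address(token).code.length > 0, "token has no code");
        (bool ok, bytes memory ret) = address(token).call(data);
        require(ok && (ret.length == 0 || abi.decode(ret, (bool))), what);
    }
    function safeTransfer(IERC20 token, address to, uint256 amount) internal {
        _callAndCheck(token, abi.encodeWithSelector(IERC20.transfer.selector, to, amount), "transfer failed");
    }
    function safeTransferFrom(IERC20 token, address from, address to, uint256 amount) internal {
        _callAndCheck(token, abi.encodeWithSelector(IERC20.transferFrom.selector, from, to, amount), "transferFrom failed");
    }
}

contract CheckedDeposit {
    using SafeTransfer for IERC20;
    IERC20 public immutable token;
    mapping(address => uint256) public balance;
    constructor(IERC20 _token) { token = _token; }
    function deposit(uint256 amount) external {
        token.safeTransferFrom(msg.sender, address(this), amount); // reverts on any failure
        balance[msg.sender] += amount;
    }
}
```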

c4-pre-sort commented 1 year ago

0xA5DF marked the issue as duplicate of #777

c4-judge commented 1 year ago

hansfriese marked the issue as unsatisfactory: Invalid