code-423n4 / 2023-05-juicebox-findings


Unchecked transfer #111

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-05-juicebox/blob/9d0458282511ff269b3b35b5b082b56d5cc08663/juice-buyback/contracts/JBXBuybackDelegate.sol#L286

Vulnerability details

Impact

JBXBuybackDelegate._swap(JBDidPayData,uint256,uint256) (contracts/JBXBuybackDelegate.sol#258–326) ignores the return value of projectToken.transfer(_data.beneficiary,_nonReservedToken) (contracts/JBXBuybackDelegate.sol#286), which could lead to an unchecked transfer vulnerability.

Tools Used

Slither Analyzer

Recommended Mitigation Steps

To address this vulnerability, you should always check the return value of the transfer() function and handle the failure appropriately. Here's an example of how you can modify the code to mitigate the unchecked transfer vulnerability:

```solidity
if (_nonReservedToken != 0) {
    bool transferSuccess = projectToken.transfer(_data.beneficiary, _nonReservedToken);
    require(transferSuccess, "Token transfer failed");
}
```

By using the require() statement, you ensure that the token transfer is successful. If the transfer fails, it will revert the transaction and provide an error message, preventing any further execution of the code.

Assessed type

ETH-Transfer
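The three payout variants below are an added illustration, not code from the Juicebox repository or from the report: a hypothetical `PayoutExample` contract shows the flagged unchecked pattern, the `require()` fix the report suggests, and the `SafeERC20.safeTransfer` form that also copes with tokens whose `transfer()` returns no boolean. It assumes OpenZeppelin Contracts 4.x is available under `@openzeppelin/contracts`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Hypothetical payout contract used only to contrast the three patterns.
contract PayoutExample {
    using SafeERC20 for IERC20;

    IERC20 public immutable projectToken;

    constructor(IERC20 _projectToken) {
        projectToken = _projectToken;
    }

    /// Unchecked pattern, as on the flagged line: a token that signals
    /// failure by returning `false` rather than reverting leaves the
    /// beneficiary unpaid while the rest of the transaction proceeds.
    function payUnchecked(address beneficiary, uint256 amount) external {
        if (amount != 0) {
            projectToken.transfer(beneficiary, amount);
        }
    }

    /// Fix suggested in the report: check the boolean and revert on `false`.
    /// Note that a token whose transfer() returns nothing (a known ERC20
    /// deviation) makes this call revert during return-data decoding, so
    /// such tokens would be unusable with this contract.
    function payChecked(address beneficiary, uint256 amount) external {
        if (amount != 0) {
            bool ok = projectToken.transfer(beneficiary, amount);
            require(ok, "Token transfer failed");
        }
    }

    /// Hardened form: SafeERC20 performs a low-level call, reverts when the
    /// token returns `false`, and accepts an empty return value as success,
    /// so it handles both compliant and no-return tokens.
    function paySafe(address beneficiary, uint256 amount) external {
        if (amount != 0) {
            projectToken.safeTransfer(beneficiary, amount);
        }
    }
}
```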

c4-pre-sort commented 1 year ago

dmvt marked the issue as low quality report

dmvt commented 1 year ago

spam / bot race

c4-judge commented 1 year ago

dmvt marked the issue as unsatisfactory: Out of scope