search

code-423n4 / 2023-11-kelp-findings

13 stars 11 forks source link

using of safeTransfer instead of transfer #416

Closed c4-submissions closed 11 months ago

c4-submissions commented 11 months ago

Lines of code

https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/LRTDepositPool.sol#L136 https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/LRTDepositPool.sol#L194

Vulnerability details

Impact

Tokens not compliant with the ERC20 specification could return false from the transfer function call to indicate the transfer fails, while the calling contract would not notice the failure if the return value is not checked. Checking the return value is a requirement, as written in the EIP-20 specification:

Proof of Concept

LRTDepositPool.::depositAsset

 {
        address nodeDelegator = nodeDelegatorQueue[ndcIndex];
        if (!IERC20(asset).transfer(nodeDelegator, amount)) {
            revert TokenTransferFailed();
        }

LRTDepositPool.::transferAssetToNodeDelegator

 {
        address nodeDelegator = nodeDelegatorQueue[ndcIndex];
        if (!IERC20(asset).transfer(nodeDelegator, amount)) {
            revert TokenTransferFailed();
        }

Tools Used

VS Code

Recommended Mitigation Steps

Use the SafeERC20 library implementation from OpenZeppelin and call safeTransfer or when transferring ERC20 tokens.

Assessed type

ERC20

c4-pre-sort commented 11 months ago

raymondfam marked the issue as insufficient quality report

c4-pre-sort commented 11 months ago

raymondfam marked the issue as duplicate of #166

c4-judge commented 10 months ago

fatherGoose1 marked the issue as unsatisfactory: Invalid