Closed c4-bot-8 closed 5 months ago
It's already called as the function uses override keyword;
Contract: GuildToken.sol
182: function _beforeTokenTransfer(
183: address from,
184: address to,
185: uint256 /* amount*/
186: ) internal view override {
187: require(
188: transferable || from == address(0) || to == address(0),
189: "GuildToken: transfers disabled"
190: );
191: }
0xSorryNotSorry marked the issue as insufficient quality report
Trumpero marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/2376d9af792584e3d15ec9c32578daa33bb56b43/src/tokens/GuildToken.sol#L182-L191 https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/2376d9af792584e3d15ec9c32578daa33bb56b43/src/tokens/GuildToken.sol#L288-L300 https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/2376d9af792584e3d15ec9c32578daa33bb56b43/src/tokens/GuildToken.sol#L302-L315
Vulnerability details
According to the docs, the Guild token is not transferable at lunch the function
_beforeTokenTransfer()
is used to keep track of transfers and enforce this law.But this function is not called in the transfer function to check if transfers are allowed.
Impact
Guild tokens are transferable at any time which goes against the intention of the developers
Tools Used
Manual Review
Recommended Mitigation Steps
The
_beforeTokenTransfer()
should be called in the transfer functions to regulate transfers.Assessed type
ERC20