`LiquidInfrastructureERC20::distribute()` - L195: Should use a `safeTransfer()` along with a require check instead due to the use of ERC20 `transfer()` which doesn't guarantee a boolean return value, therefore default `false` would skip the logic of this `if` statement, which would result in inaccurate values for the `receipts` array.

[c4-bot-8]

Lines of code

https://github.com/code-423n4/2024-02-althea-liquid-infrastructure/blob/3adc34600561077ad4834ee9621060afd9026f06/liquid-infrastructure/contracts/LiquidInfrastructureERC20.sol#L195-L197

Vulnerability details

Recommendations:

• Replace transfer() with OZ's safeTransfer().
• Replace the if statement with a require statement instead.

-    if (toDistribute.transfer(recipient, entitlement)) {
-        receipts[j] = entitlement;
-    }
+    (bool success) = toDistribute.safeTransfer(recipient, entitlement);
+    require(success, "transfer failed");
+    receipts[j] = entitlement;

Assessed type

Other

[c4-pre-sort]

0xRobocop marked the issue as insufficient quality report

[c4-pre-sort]

0xRobocop marked the issue as duplicate of #688

[c4-judge]

0xA5DF marked the issue as unsatisfactory: Out of scope