Lines of code
https://github.com/code-423n4/2024-03-ondo-finance/blob/main/contracts/ousg/ousgInstantManager.sol#L362-L385
https://github.com/code-423n4/2024-03-ondo-finance/blob/main/contracts/ousg/rOUSG.sol#L276-L387
Vulnerability details
Impact
The redeemRebasingOUSG function in ousgInstantManager.sol calls rousg.transferFrom without capturing or checking its return value, which can lead to unintended behaviour.
The rousg.transferFrom call moves tokens but its boolean result is discarded. If the transfer fails without reverting (e.g., due to insufficient allowance), the contract will not be aware of it and continues as if the tokens had been received.
Proof of Concept
The vulnerability arises from the following aspect of the code:
This is the transferFrom function from the rOUSG token contract (see the rOUSG.sol link above).
Tools Used
Manual review
Recommended Mitigation Steps
Capture the return value of rousg.transferFrom and handle a failed transfer explicitly (e.g., revert the transaction if it returns false).
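The following Solidity snippet is an added illustration of the mitigation and is not code from the Ondo Finance repository. The contract and interface names (RedeemExample, IRebasingToken, FalseReturningToken), the parameter name amountIn and the custom error are placeholders chosen for this example; only the call shape rousg.transferFrom(msg.sender, address(this), amount) mirrors the pattern described in the finding. The mock token returns false instead of reverting, which is the case the unchecked call silently ignores.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal interface for the rebasing token; assumed for this example.
interface IRebasingToken {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Example contract (not ousgInstantManager) showing the flagged pattern and its fix.
contract RedeemExample {
    IRebasingToken public immutable rousg;

    // Custom error used by the checked variant; name is a placeholder.
    error TransferFromFailed(address from, uint256 amount);

    constructor(IRebasingToken token) {
        rousg = token;
    }

    // Pattern described in the finding: the bool returned by transferFrom is
    // discarded, so a token that signals failure by returning false (rather
    // than reverting) lets execution continue as though funds had arrived.
    function redeemUnchecked(uint256 amountIn) external {
        rousg.transferFrom(msg.sender, address(this), amountIn);
        // ... redemption logic that assumes amountIn is now held by this contract
    }

    // Mitigated form: capture the return value and revert when it is false,
    // so the redemption logic is only reachable after a successful transfer.
    function redeemChecked(uint256 amountIn) external {
        bool ok = rousg.transferFrom(msg.sender, address(this), amountIn);
        if (!ok) revert TransferFromFailed(msg.sender, amountIn);
        // ... redemption logic
    }
}

// Constructed mock for testing: reports failure via the return value
// instead of reverting, which exercises the difference between the two paths.
contract FalseReturningToken is IRebasingToken {
    function transferFrom(address, address, uint256) external pure returns (bool) {
        return false;
    }
}
```

Deploying RedeemExample with a FalseReturningToken and calling redeemUnchecked(1) succeeds even though no tokens moved, while redeemChecked(1) reverts with TransferFromFailed. Where the token may also be non-standard (returning nothing on success), OpenZeppelin's SafeERC20 safeTransferFrom wrapper performs the same return-value check while tolerating a missing return value, which is the usual drop-in alternative to the manual require.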
Assessed type
Library