code-423n4 / 2024-04-panoptic-findings


Incorrect ERC20 Function Interface Definitions. #570

Closed c4-bot-8 closed 2 months ago

c4-bot-8 commented 2 months ago

Lines of code

https://github.com/code-423n4/2024-04-panoptic/blob/833312ebd600665b577fbd9c03ffa0daf250ed24/contracts/tokens/interfaces/IERC20Partial.sol#L22-L27

Vulnerability details

Impact

The incorrect ERC20 function interfaces in IERC20Partial as identified by Slither can lead to compatibility issues and unexpected behavior when interacting with other contracts or services that expect standard ERC20 functionality. Specifically, the approve and transfer functions are missing the correct return types, which is a violation of the ERC20 standard. This can result in failed transactions or incorrect token transfers, potentially leading to loss of funds or other operational issues within applications that rely on these functions.

Proof of Concept

https://github.com/code-423n4/2024-04-panoptic/blob/833312ebd600665b577fbd9c03ffa0daf250ed24/contracts/tokens/interfaces/IERC20Partial.sol#L22-L27

The issue is highlighted in the IERC20Partial interface, where the approve and transfer functions are defined without the expected return types. According to the ERC20 standard, the approve function should return a boolean indicating success or failure, and the transfer function should return a boolean indicating whether the transfer was successful. The absence of these return types in the interface definition can lead to compatibility issues when interacting with other contracts or services that expect these return values.

Tools Used

Slither was used to identify this vulnerability.

Recommended Mitigation Steps

To mitigate this issue, it's recommended to update the IERC20Partial interface to correctly define the return types for the approve and transfer functions according to the ERC20 standard. This ensures compatibility and correct behavior when interacting with other contracts or services. Here's how the corrected interface might look:

// Standard ERC20 signatures: both functions return a bool success flag.
interface IERC20Partial {
    function approve(address spender, uint256 amount) external returns (bool);
    function transfer(address recipient, uint256 amount) external returns (bool);
}

By ensuring that the approve and transfer functions return boolean values, you align the IERC20Partial interface with the ERC20 standard, reducing the risk of compatibility issues and ensuring that transactions and token transfers behave as expected.

Assessed type

ERC20
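The trade-off behind the recommended change, shown as an added example that is not part of the submission or of the Panoptic code base. It assumes a hypothetical token (`NoReturnToken`) whose `transfer` and `approve` return nothing, as some widely used tokens do, and contrasts three call paths: an interface that declares `returns (bool)`, an interface that declares no return value (the shape of `IERC20Partial`), and a low-level call that accepts either convention. Against such a token the strict interface reverts, because the compiler inserts a `returndatasize()` check before decoding the bool and the token returns zero bytes; the no-return interface and the low-level variant both succeed. The strict interface is therefore not a free "compatibility" fix: it changes which tokens the caller can interact with at all.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical token (constructed for this example) that mimics tokens whose
// transfer/approve carry out the state change but return no data.
contract NoReturnToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    constructor() {
        balanceOf[msg.sender] = 1_000_000;
    }

    // Deviates from the ERC20 spec: no bool return value.
    function transfer(address to, uint256 amount) external {
        require(balanceOf[msg.sender] >= amount, "insufficient balance");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
    }

    function approve(address spender, uint256 amount) external {
        allowance[msg.sender][spender] = amount;
    }
}

// Interface as the finding recommends: return type declared.
interface IERC20WithReturn {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Interface with no return type, the shape IERC20Partial uses.
interface IERC20NoReturn {
    function transfer(address to, uint256 amount) external;
}

contract Caller {
    // Reverts when `token` is NoReturnToken: the generated call site checks
    // returndatasize() >= 32 before abi-decoding the bool, and gets 0 bytes.
    function viaStrictInterface(address token, address to, uint256 amount)
        external
        returns (bool)
    {
        return IERC20WithReturn(token).transfer(to, amount);
    }

    // Succeeds against NoReturnToken: nothing is decoded from returndata.
    // Note that it also succeeds against a token that returns `false`, since
    // the return value is never inspected; that is the risk of this shape.
    function viaPartialInterface(address token, address to, uint256 amount) external {
        IERC20NoReturn(token).transfer(to, amount);
    }

    // Low-level variant that tolerates both conventions: the call must succeed
    // and the returndata must be either empty or a bool that decodes to true.
    function viaSafeTransfer(address token, address to, uint256 amount) external {
        // A call to an address with no code would "succeed" with empty
        // returndata, so reject that case explicitly.
        require(token.code.length > 0, "not a contract");
        (bool ok, bytes memory data) = token.call(
            abi.encodeWithSelector(IERC20WithReturn.transfer.selector, to, amount)
        );
        require(ok && (data.length == 0 || abi.decode(data, (bool))), "transfer failed");
    }
}
```

To observe the difference, deploy `NoReturnToken` and `Caller`, fund `Caller` via the token's `transfer`, then invoke each of the three entry points with the token address: `viaStrictInterface` reverts, while `viaPartialInterface` and `viaSafeTransfer` move the balance. Only the low-level form both handles no-return tokens and still checks a returned `false`.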

Picodes commented 2 months ago

https://github.com/code-423n4/2024-04-panoptic/blob/833312ebd600665b577fbd9c03ffa0daf250ed24/contracts/tokens/interfaces/IERC20Partial.sol#L5

c4-judge commented 2 months ago

Picodes marked the issue as unsatisfactory: Invalid