When a user calls unlock(), ERC-20 tokens are transferred to them, but the case where the token transfer does not succeed is not handled: the transfer's return value is never checked. Their funds can become locked as a result.
Impact
Loss of funds
Proof of Concept
Some ERC-20 tokens do not revert on failure but instead return false. This means that if the transfer fails nothing will happen, but lockedToken.quantity will still get updated. This variable determines how many tokens a user can withdraw.
Lines of code
https://github.com/code-423n4/2024-05-munchables/blob/main/src/managers/LockManager.sol#L423
Tools Used
Manual Review
Recommended Mitigation Steps
Use OpenZeppelin’s SafeERC20
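Added illustration (not the Munchables code): a constructed false-returning token, a hypothetical locker that repeats the unchecked-transfer defect described in the Proof of Concept, and the same locker hardened with SafeERC20 as recommended. Contract and variable names are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Constructed stand-in for a non-reverting ERC-20: transfer() reports failure
// by returning false rather than reverting.
contract FalseReturningToken {
    mapping(address => uint256) public balanceOf;
    constructor(address holder, uint256 supply) { balanceOf[holder] = supply; }
    function transfer(address to, uint256 amount) external returns (bool) {
        if (balanceOf[msg.sender] < amount) return false; // fails silently
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Hypothetical locker with the same defect as unlock(): the boolean returned
// by transfer() is discarded, so quantity is reduced even when no tokens moved.
contract VulnerableLocker {
    IERC20 public immutable token;
    mapping(address => uint256) public quantity; // withdrawable balance per user
    constructor(IERC20 t, address user, uint256 credit) { token = t; quantity[user] = credit; }
    function unlock(uint256 amount) external {
        require(quantity[msg.sender] >= amount, "insufficient");
        token.transfer(msg.sender, amount);   // return value ignored
        quantity[msg.sender] -= amount;       // runs even if transfer returned false
    }
}

// Hardened version: SafeERC20.safeTransfer reverts when the token returns false
// (or returns no data), so a failed transfer rolls back the accounting update.
contract SafeLocker {
    using SafeERC20 for IERC20;
    IERC20 public immutable token;
    mapping(address => uint256) public quantity;
    constructor(IERC20 t, address user, uint256 credit) { token = t; quantity[user] = credit; }
    function unlock(uint256 amount) external {
        require(quantity[msg.sender] >= amount, "insufficient");
        quantity[msg.sender] -= amount;         // effects before interaction
        token.safeTransfer(msg.sender, amount); // reverts on false, undoing the line above
    }
}
```

Deploying FalseReturningToken with a balance smaller than the locker's credit and calling unlock() on each locker shows the difference: VulnerableLocker decrements quantity while the user's token balance stays unchanged, SafeLocker reverts and leaves quantity intact.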
Assessed type
ERC20