Lines of code
https://github.com/code-423n4/2024-05-munchables/blob/main/src/managers/LockManager.sol#L401-L427
Vulnerability details
Impact
The unlock function does not utilize the safeTransfer or safeTransferFrom mechanism when transferring tokens. This omission can lead to potential vulnerabilities related to reentrancy attacks and unexpected behavior.
Detail
The function directly transfers tokens using transfer (for Ether) or transfer (for ERC20 tokens). Without using safeTransfer or safeTransferFrom, the contract does not check whether the recipient contract can handle the token. This lack of validation can result in tokens being permanently lost if sent to a contract that does not support the expected interface.
code snippet.
Tools Used
Manual review, VS Code
Recommended Mitigation Steps
Replace direct token transfers with safeTransfer or safeTransferFrom methods.
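A sketch of the recommended change, added here as an illustration and not taken from LockManager.sol: the contract `LockVaultExample`, its `locked` mapping, and the use of `address(0)` for Ether are all hypothetical. It assumes OpenZeppelin Contracts is installed, and it debits the balance before the external call so a reentrant call sees the updated state.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical vault written for illustration; it is not LockManager.sol.
contract LockVaultExample {
    using SafeERC20 for IERC20;
    // user => token => locked amount; address(0) stands for Ether (assumption)
    mapping(address => mapping(address => uint256)) public locked;
    error InsufficientLocked();

    function lock(address token, uint256 quantity) external payable {
        if (token == address(0)) {
            quantity = msg.value;
        } else {
            // Reverts if the token call fails or returns false.
            IERC20(token).safeTransferFrom(msg.sender, address(this), quantity);
        }
        locked[msg.sender][token] += quantity;
    }

    // Before: a token that returns false leaves the user debited but unpaid.
    function unlockUnchecked(address token, uint256 quantity) external {
        _debit(token, quantity);
        if (token == address(0)) {
            payable(msg.sender).transfer(quantity);
        } else {
            IERC20(token).transfer(msg.sender, quantity); // return value discarded
        }
    }

    // After: safeTransfer reverts on failure, which also rolls back the debit.
    function unlock(address token, uint256 quantity) external {
        _debit(token, quantity);
        if (token == address(0)) {
            payable(msg.sender).transfer(quantity);
        } else {
            IERC20(token).safeTransfer(msg.sender, quantity);
        }
    }

    // Effects before interactions: state changes precede any external call.
    function _debit(address token, uint256 quantity) private {
        if (locked[msg.sender][token] < quantity) revert InsufficientLocked();
        locked[msg.sender][token] -= quantity;
    }
}
```

OpenZeppelin's `SafeERC20` wrappers revert when the token call fails or returns `false`, and they accept tokens that return no data at all.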
Assessed type
ERC20