code-423n4 / 2024-06-panoptic-findings

1 stars 0 forks source link

the issue type ragarding expect return value for approve, transfer and we adding transfer from. #46

Closed howlbot-integration[bot] closed 5 months ago

howlbot-integration[bot] commented 5 months ago

Lines of code

https://github.com/code-423n4/2024-06-panoptic/blob/153f0d82440b7e63075d55b0659706531431145f/contracts/tokens/interfaces/IERC20Partial.sol#L11 https://github.com/code-423n4/2024-06-panoptic/blob/153f0d82440b7e63075d55b0659706531431145f/contracts/tokens/interfaces/IERC20Partial.sol#L16 https://github.com/code-423n4/2024-06-panoptic/blob/153f0d82440b7e63075d55b0659706531431145f/contracts/tokens/interfaces/IERC20Partial.sol#L22 https://github.com/code-423n4/2024-06-panoptic/blob/153f0d82440b7e63075d55b0659706531431145f/contracts/tokens/interfaces/IERC20Partial.sol#L27

Vulnerability details

Impact

  1. Standards Compliance:

  2. Interface Incompatibility:

  3. Security Considerations:

Proof of Concept

  1. The interface does not fully comply with the ERC20 standard, which expects certain functions to return a boolean value. This could lead to compatibility issues with tools, libraries, or contracts that strictly adhere to the ERC20 standard.

  2. Contracts or services interacting with IERC20Partial expecting ERC20 functions with return values might face errors or unexpected behavior.

  3. By not adhering to the ERC20 standard, there could be security implications, especially in contexts where the return value of approve, transfer, and transferFrom is critical for ensuring successful operations and preventing erroneous transfers or approvals.

  4. https://github.com/code-423n4/2024-06-panoptic/blob/153f0d82440b7e63075d55b0659706531431145f/contracts/tokens/interfaces/IERC20Partial.sol#L11

  5. https://github.com/code-423n4/2024-06-panoptic/blob/153f0d82440b7e63075d55b0659706531431145f/contracts/tokens/interfaces/IERC20Partial.sol#L22

  6. https://github.com/code-423n4/2024-06-panoptic/blob/153f0d82440b7e63075d55b0659706531431145f/contracts/tokens/interfaces/IERC20Partial.sol#L27

  7. Below the transfer we adding transferfrom.

function transferFrom(address from, address to, uint256 amount) external returns (bool);

Discord, ChatGPT3.5, Discussions on Github.

Recommended Mitigation Steps

  1. Complying with ERC20: Including the return values ensures that the interface is fully compliant with the ERC20 standard.

  2. Maintaining Compatibility: The interface remains compatible with tools, libraries, and contracts expecting the standard ERC20 interface.

  3. Reducing Errors: Properly implementing the standard reduces the risk of errors or unexpected behavior in interactions with other contracts or services.

Assessed type

ERC20

c4-judge commented 5 months ago

Picodes marked the issue as unsatisfactory: Invalid