Lines of code
https://github.com/code-423n4/2024-07-reserve/blob/3f133997e186465f4904553b0f8e86ecb7bbacbf/contracts/libraries/Allowance.sol#L4-L8
Vulnerability details
Impact
Some older or non-standard ERC20 tokens do not return the boolean value expected from approve, transfer, and transferFrom. Starting with Solidity 0.4.22, callers expect these functions to return true or false indicating whether the operation succeeded.
If a token returns no value, a contract compiled with Solidity 0.4.22 or later that interacts with it through the standard interface may fail. Transactions could revert, disrupting the protocol's processes and potentially causing financial loss if the issue is not caught early.
Proof of Concept
```solidity
// IERC20 is the standard interface (e.g. OpenZeppelin's); the caller expects a bool.
// For a token whose transfer() returns no data, the return-data size check that
// Solidity >= 0.4.22 emits for this high-level call makes the call revert.
function safeTransfer(address tokenAddress, address recipient, uint256 amount) external {
    IERC20 token = IERC20(tokenAddress);
    bool success = token.transfer(recipient, amount);
    require(success, "Transfer failed");
}
```
Tools Used
Manual code review.
Recommended Mitigation Steps
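As an added illustration that is not part of the original report or the Reserve code base, the following wrapper (contract name `TolerantTransfer` and the OpenZeppelin import path are assumptions) uses the same approach as OpenZeppelin's SafeERC20: a low-level call, accepting empty return data as success and otherwise requiring the decoded bool to be true.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";

/// Added example, not the project's own code: a transfer wrapper that works
/// with both bool-returning tokens and tokens that return no data at all.
contract TolerantTransfer {
    function safeTransfer(address tokenAddress, address recipient, uint256 amount) external {
        // A call to an address without code returns success with empty data,
        // which would be mistaken for a non-standard token; reject it up front.
        require(tokenAddress.code.length > 0, "Token is not a contract");

        // Encode the call manually so the compiler does not insert the
        // return-data size check that reverts on tokens returning nothing.
        bytes memory callData = abi.encodeWithSelector(IERC20.transfer.selector, recipient, amount);
        (bool ok, bytes memory ret) = tokenAddress.call(callData);
        require(ok, "Transfer call reverted");

        // Empty return data: non-standard token, but the call did not revert.
        // Non-empty return data: decode it and require the standard true value.
        require(ret.length == 0 || abi.decode(ret, (bool)), "Transfer returned false");
    }
}
```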
Assessed type
ERC20