The extractFees function in the Usdo.sol contract uses a direct transfer call instead of the safeTransfer function provided by the OpenZeppelin SafeERC20 library. This introduces a vulnerability as the direct transfer call does not handle the case where the token contract does not return a boolean value, which can result in a failed transfer without reverting the transaction.
Attack Scenario
Token Contract Without Boolean Return: If the contract interacts with a token contract that does not return a boolean value for transfer, the extractFees function might not properly handle the transfer failure, leading to unexpected behavior or partial fund loss.
Recommendation
Replace the direct transfer call with the safeTransfer method from the OpenZeppelin SafeERC20 library. This ensures the transfer operation is properly checked and reverts on failure.
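As an added illustration (not code from Usdo.sol or the project), the two patterns side by side in a minimal fee vault: the unchecked direct `transfer` the report describes and the recommended `safeTransfer` from OpenZeppelin's SafeERC20. The contract name, state variables and `extractFees` signature are assumptions for the example; only the transfer-call pattern is taken from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Illustrative contract, not Usdo.sol: a fee-extraction function shown in the
/// flagged form and in the recommended form.
contract FeeVaultExample {
    using SafeERC20 for IERC20;

    IERC20 public immutable token;   // assumed: the token in which fees accrue
    address public immutable owner;  // assumed: the fee recipient

    constructor(IERC20 token_) {
        token = token_;
        owner = msg.sender;
    }

    /// The pattern the report flags: the bool returned by transfer() is discarded,
    /// so a token that signals failure by returning false leaves this call
    /// succeeding silently while no funds moved.
    function extractFeesUnchecked(uint256 amount) external {
        require(msg.sender == owner, "not owner");
        token.transfer(owner, amount); // return value ignored
    }

    /// The recommended pattern: safeTransfer reverts if the low-level call fails
    /// or if the token returns false. It also accepts tokens that return no data
    /// at all, which a typed IERC20.transfer call cannot decode.
    function extractFees(uint256 amount) external {
        require(msg.sender == owner, "not owner");
        token.safeTransfer(owner, amount);
    }
}
```

The only change between the two functions is the call form; `using SafeERC20 for IERC20;` makes `safeTransfer` available on the existing `IERC20` variable, so adopting the recommendation does not require changing the contract's storage layout or interfaces.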
GitHub username: @Jelev123
Twitter username: zhulien_zhelev
Submission hash (on-chain): 0x1a49dd51d6e202f7e94994b31c5cefc01feac612a34df88764e71c942f6d677b
Severity: medium