search

hats-finance / Tapioca-0xe0b920d38a0900af3bab7ff0ca0af554129f54ad

1 stars 2 forks source link

Unchecked ERC20 transfer #21

Open hats-bug-reporter[bot] opened 1 month ago

hats-bug-reporter[bot] commented 1 month ago

Github username: @mgf15 Twitter username: -- Submission hash (on-chain): 0xb7adb54b92d2b4dad19c149b7e49bf50b4ebb815a9093db8fef876f27d29493a Severity: medium

Description: Description\

ERC20 transfer and transferFrom calls normally return true on a succesful transfer. but , Some tokens do not return a bool (e.g. USDT, BNB, OMG) on ERC20 methods. If asset is an ERC20 token which does not comply with the EIP-20 standard it might return false on a failed transaction rather than revert. In this case it would count as a valid transaction even though it is not. Attack Scenario\ the IERC20(rewardToken_).transfer(sendTo_, dust); retrun false on the transfer , there is no check if the call is valid or not, user lost reward token
Attachments

  1. Proof of Concept (PoC) File 
                IERC20(rewardToken_).transfer(sendTo_, dust);
  2. Revised Code File (Optional)
MGF15 commented 1 month ago

i think this in invalid cunz i opened the wrong commit !