A call to transferFrom is done without checking the results.
For certain ERC20 tokens, if insufficient tokens are present, no revert occurs but a result of “false” is returned. It’s important to check this. If you don’t, you could mint tokens without have received sufficient tokens to do so and could loose funds. Its also a best practice to check this.
Recommend always checking the result of transferFrom
w42d3n
unlabeled
Result of transferfrom not checked.
Summary
Result of transferfrom not checked.
Vulnerability Detail
A call to transferFrom is done without checking the results.
For certain ERC20 tokens, if insufficient tokens are present, no revert occurs but a result of “false” is returned. It’s important to check this. If you don’t, you could mint tokens without have received sufficient tokens to do so and could loose funds. Its also a best practice to check this.
Recommend always checking the result of transferFrom
Impact
Code Snippet
https://github.com/sherlock-audit/2022-10-astaria/blob/main/src/AstariaRouter.sol#L590
function _returnCollateral(uint256 collateralId, address receiver) internal { COLLATERAL_TOKEN.transferFrom(address(this), receiver, collateralId); }
Tool used
Manual Review
Recommendation
Recommend always checking the result of transferFrom