In every transfer happen needs to be checked for success for avoid the token revert when transfer failure.
Vulnerability Detail
Its a good to add require() statement to checks the return value of token transfer or using safetransfer or safetransferFrom on Openzeppelin to ensure the token revert when transfer failure. Failure to do so will cause silent failures of transfer and affect token accounting in contract. parameter needs to be checked for success.
Impact
Some ERC20 tokens function don't return a boolean, for example USDC, USDT, etc. So the contract simply won't work with token like that as the token.
all interactions should follow correct checks. so we suggest to using safetransfer/safetransferFrom in safeERC20 Openzeppelin or checking the success boolean of all .transfer or .transferFrom call for unknown contract.
Waze
medium
Unsafe usage ofERC20 transferand transferForm
Summary
In every transfer happen needs to be checked for success for avoid the token revert when transfer failure.
Vulnerability Detail
Its a good to add require() statement to checks the return value of token transfer or using safetransfer or safetransferFrom on Openzeppelin to ensure the token revert when transfer failure. Failure to do so will cause silent failures of transfer and affect token accounting in contract. parameter needs to be checked for success.
Impact
Some ERC20 tokens function don't return a boolean, for example USDC, USDT, etc. So the contract simply won't work with token like that as the token.
Code Snippet
https://github.com/sherlock-audit/2022-10-rage-trade/blob/main/dn-gmx-vaults/contracts/vaults/DnGmxBatchingManager.sol#L187 https://github.com/sherlock-audit/2022-10-rage-trade/blob/main/dn-gmx-vaults/contracts/vaults/DnGmxJuniorVault.sol#L309 https://github.com/sherlock-audit/2022-10-rage-trade/blob/main/dn-gmx-vaults/contracts/vaults/DnGmxSeniorVault.sol#L193 https://github.com/sherlock-audit/2022-10-rage-trade/blob/main/dn-gmx-vaults/contracts/vaults/DnGmxSeniorVault.sol#L203 https://github.com/sherlock-audit/2022-10-rage-trade/blob/main/dn-gmx-vaults/contracts/vaults/DnGmxBatchingManager.sol#L202
Tool used
Manual Review
Recommendation
all interactions should follow correct checks. so we suggest to using safetransfer/safetransferFrom in safeERC20 Openzeppelin or checking the success boolean of all .transfer or .transferFrom call for unknown contract.