Closed sherlock-admin closed 1 year ago
141345
medium
Some ERC20 does not fully comply with the standard, such as USDT. The transferFrom doesn’t revert upon failure but returns false.
Even USDC could change, since it is upgradable. Deviate from the ERC20 standard is one possibility.
In submit(), some erc20 function call return value is not checked and could potentially incur fund loss or DoS.
submit()
Some fee could not be received and lost, the protocol and users both could be affected
https://github.com/sherlock-audit/2022-11-telcoin/blob/main/contracts/fee-buyback/FeeBuyback.sol#L71-L72
Manual Review
Use the OpenZeppelin's transfer wrapper for token transfer.
141345
medium
ERC20 function call return value not checked
Summary
Some ERC20 does not fully comply with the standard, such as USDT. The transferFrom doesn’t revert upon failure but returns false.
Even USDC could change, since it is upgradable. Deviate from the ERC20 standard is one possibility.
Vulnerability Detail
In
submit(), some erc20 function call return value is not checked and could potentially incur fund loss or DoS.Impact
Some fee could not be received and lost, the protocol and users both could be affected
Code Snippet
https://github.com/sherlock-audit/2022-11-telcoin/blob/main/contracts/fee-buyback/FeeBuyback.sol#L71-L72
Tool used
Manual Review
Recommendation
Use the OpenZeppelin's transfer wrapper for token transfer.