Unsafe erc20 method and unsafe transfer/transferFrom
Unsafe erc20 method and unsafe transfer/transferFrom
Summary
Using IERC20 methods can be reverted on some tokens. also, this contract used a transfer parameter instead of safeTransfer.
Vulnerability Detail
Some ERC20 tokens don't work correctly with IERC20 interface and using this method can revert this function for some tokens. also in some lines of XProvider contract transfer parameter used, its means when transfer fail function doesn't revert.
Impact
Functions have used transferFrom in XProvider contract will revert for some token because used IERC20 unsafe method.
also, some lines of this contract have used transfer instead of safeTransfer so this doesn't revert if transfer failed.
Avci
medium
Unsafe erc20 method and unsafe transfer/transferFrom
Unsafe erc20 method and unsafe transfer/transferFrom
Summary
Using IERC20 methods can be reverted on some tokens. also, this contract used a transfer parameter instead of safeTransfer.
Vulnerability Detail
Some ERC20 tokens don't work correctly with IERC20 interface and using this method can revert this function for some tokens. also in some lines of XProvider contract transfer parameter used, its means when transfer fail function doesn't revert.
Impact
Functions have used transferFrom in XProvider contract will revert for some token because used IERC20 unsafe method. also, some lines of this contract have used transfer instead of safeTransfer so this doesn't revert if transfer failed.
Code Snippet
https://github.com/sherlock-audit/2023-01-derby-0xdanial/blob/0443bbd0058be6bd4e840f6c1174137f4ab4a65e/derby-yield-optimiser/contracts/XProvider.sol#L147
https://github.com/sherlock-audit/2023-01-derby-0xdanial/blob/0443bbd0058be6bd4e840f6c1174137f4ab4a65e/derby-yield-optimiser/contracts/XProvider.sol#L329
https://github.com/sherlock-audit/2023-01-derby-0xdanial/blob/0443bbd0058be6bd4e840f6c1174137f4ab4a65e/derby-yield-optimiser/contracts/XProvider.sol#L372
https://github.com/sherlock-audit/2023-01-derby-0xdanial/blob/0443bbd0058be6bd4e840f6c1174137f4ab4a65e/derby-yield-optimiser/contracts/XProvider.sol#L574
https://github.com/sherlock-audit/2023-01-derby-0xdanial/blob/0443bbd0058be6bd4e840f6c1174137f4ab4a65e/derby-yield-optimiser/contracts/XProvider.sol#L583
Tool used
Manual Review
Recommendation
Consider using OZ functions.
Duplicate of #10