Use safeTransferFrom() instead of transferFrom() for ERC20 transfers
Summary
mint function in UXDController.sol use the transferFrom() method instead of safeTransferFrom().
Vulnerability Detail
Some ERC20 tokens that are not compliant with the specification could return false from the transfer function call to indicate that the transfer fails, but the calling contract would not notice the failure if the return value is not checked.The EIP-20 specification requires to check the return value.
See reference for similar issue: https://github.com/sherlock-audit/2022-11-dodo-judging/issues/47
Impact
Callers might not properly handle tokens that are not ERC20 compliant.
sach1r0
medium
Use safeTransferFrom() instead of transferFrom() for ERC20 transfers
Summary
mintfunction inUXDController.soluse the transferFrom() method instead of safeTransferFrom().Vulnerability Detail
Some ERC20 tokens that are not compliant with the specification could return false from the transfer function call to indicate that the transfer fails, but the calling contract would not notice the failure if the return value is not checked.The EIP-20 specification requires to check the return value. See reference for similar issue: https://github.com/sherlock-audit/2022-11-dodo-judging/issues/47
Impact
Callers might not properly handle tokens that are not ERC20 compliant.
Code Snippet
https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/core/UXDController.sol#L195 https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/core/UXDController.sol#L337
Tool used
Vim and Manual Review
Recommendation
Use the SafeERC20 library implementation from OpenZeppelin and call safeTransferFrom when transferring ERC20 tokens.