If the MarginTrading contract is managed not by EOA but by another contract, such "silent fails" would make a mess and may lead to calculation errors in the owner contract, when it "withdraws" funds and sees that the tx is successful (but the funds are actually not sent because of some error).
Code Snippet
Tool used
Manual Review
Recommendation
Consider using SafeERC20.safeTransfer function instead.
Quantish
medium
Consider using
safeTransferinstead oftransferSummary
Consider using
safeTransferinstead oftransferVulnerability Detail
In
MarginTradingyou useERC20.transferfor transferring funds: https://github.com/sherlock-audit/2023-05-dodo/blob/main/dodo-margin-trading-contracts/contracts/marginTrading/MarginTrading.sol#L212 https://github.com/sherlock-audit/2023-05-dodo/blob/main/dodo-margin-trading-contracts/contracts/marginTrading/MarginTrading.sol#L341Some of ERC20 tokens may not revert on unsuccessful transfer, but just return
falseinstead: https://github.com/d-xo/weird-erc20/#no-revert-on-failureImpact
If the
MarginTradingcontract is managed not by EOA but by another contract, such "silent fails" would make a mess and may lead to calculation errors in the owner contract, when it "withdraws" funds and sees that the tx is successful (but the funds are actually not sent because of some error).Code Snippet
Tool used
Manual Review
Recommendation
Consider using
SafeERC20.safeTransferfunction instead.