sherlock-audit / 2023-06-Index-judging


Avci - Using IERC20() standard will fail for tokens like USDT #81

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

Avci

medium

Using IERC20() standard will fail for tokens like USDT

Summary

Using IERC20() standard will fail for tokens like USDT

Vulnerability Detail

IERC20(components[i]) will fail for some tokens, as they may not conform to the standard IERC20 interface, like USDT, because it does not support the IERC20() standard.

Impact

If transferFrom() fails, a user can mint _setToken for free.

Code Snippet

transferFrom(
    IERC20(components[i]),
    msg.sender,
    address(_setToken),
    componentQuantities[i]
)

https://github.com/sherlock-audit/2023-06-Index/blob/8d348ed344635a068d458aa04956f966b6d3d4f3/index-protocol/contracts/protocol/modules/v1/BasicIssuanceModule.sol#L107-L112

Tool used

Manual Review

Recommendation

Consider using safeTransferFrom.
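Added example, not part of the original report or the audited repository: one way to implement the safeTransferFrom pattern named in the recommendation, so that a token whose transferFrom() returns no data (as USDT does on Ethereum mainnet) is handled alongside tokens that return a bool. The names IERC20Like, SafeTransferExample, IssuerExample, pull and vault are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

// Added example; all names here are hypothetical and not taken from the audited code.
interface IERC20Like {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

library SafeTransferExample {
    /// Calls token.transferFrom and accepts both return conventions:
    /// a bool (standard ERC-20) or no return data at all (USDT-style).
    function safeTransferFrom(address token, address from, address to, uint256 amount) internal {
        // A low-level call to an address without code succeeds vacuously, so reject it.
        require(token.code.length > 0, "token is not a contract");

        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSelector(IERC20Like.transferFrom.selector, from, to, amount)
        );
        // The call itself must not revert.
        require(ok, "transferFrom reverted");
        // Empty return data: the token returns nothing, so no revert means success.
        // Non-empty return data: it must decode to true.
        require(ret.length == 0 || abi.decode(ret, (bool)), "transferFrom returned false");
    }
}

contract IssuerExample {
    /// Pulls `amount` of `token` from the caller into `vault` and confirms that the
    /// vault balance grew by exactly that amount before any minting would follow.
    /// Tokens that take a fee on transfer fail this check by design.
    function pull(address token, address vault, uint256 amount) external {
        uint256 balanceBefore = IERC20Like(token).balanceOf(vault);
        SafeTransferExample.safeTransferFrom(token, msg.sender, vault, amount);
        uint256 balanceAfter = IERC20Like(token).balanceOf(vault);
        require(balanceAfter - balanceBefore == amount, "unexpected balance change");
    }
}
```

A direct call through an interface that declares `returns (bool)` reverts when the token returns no data, because the ABI decoder expects 32 bytes; the low-level call above avoids that decode step.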