Unsafe use of transfer()/transferFrom() with IERC20
name: Unsafe use of transfer()/transferFrom() with IERC20
about: Unsafe use of transfer()/transferFrom() with IERC20
title: "Unsafe use of transfer()/transferFrom() with IERC20"
labels: ""
assignees: ""
Summary
[M-4] Unsafe use of transfer()/transferFrom() with IERC20
Vulnerability Detail
Some tokens do not implement the ERC20 standard properly but are still accepted by most code that accepts ERC20 tokens. For example, Tether (USDT)'s transfer() and transferFrom() functions on L1 do not return booleans as the specification requires and instead have no return value. When these sorts of tokens are cast to IERC20, their function signatures do not match, and therefore the calls made, revert. Use OpenZeppelin's SafeERC20's safeTransfer()/safeTransferFrom() instead.
Impact
The impact of using transfer()/transferFrom() with tokens that do not implement the ERC20 standard properly is that the calls may revert, leading to potential disruptions and errors in the code's functionality.
Code Snippet
Instances (1):
File: contracts/Infiltration.sol
929: super.transferFrom(from, to, tokenId);
Tool used
Manual Review
Recommendation
It is recommended to use OpenZeppelin's SafeERC20's safeTransfer()/safeTransferFrom() when dealing with tokens that do not implement the ERC20 standard properly to prevent potential reverts and disruptions.
phenom
medium
Unsafe use of transfer()/transferFrom() with IERC20
name: Unsafe use of transfer()/transferFrom() with IERC20 about: Unsafe use of transfer()/transferFrom() with IERC20 title: "Unsafe use of transfer()/transferFrom() with IERC20" labels: "" assignees: ""
Summary
[M-4] Unsafe use of transfer()/transferFrom() with IERC20
Vulnerability Detail
Some tokens do not implement the ERC20 standard properly but are still accepted by most code that accepts ERC20 tokens. For example, Tether (USDT)'s transfer() and transferFrom() functions on L1 do not return booleans as the specification requires and instead have no return value. When these sorts of tokens are cast to IERC20, their function signatures do not match, and therefore the calls made, revert. Use OpenZeppelin's SafeERC20's safeTransfer()/safeTransferFrom() instead.
Impact
The impact of using transfer()/transferFrom() with tokens that do not implement the ERC20 standard properly is that the calls may revert, leading to potential disruptions and errors in the code's functionality.
Code Snippet
Instances (1):
Tool used
Manual Review
Recommendation
It is recommended to use OpenZeppelin's SafeERC20's safeTransfer()/safeTransferFrom() when dealing with tokens that do not implement the ERC20 standard properly to prevent potential reverts and disruptions.
Duplicate of #120