Closed sherlock-admin closed 8 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid
safeTransfer wrapper function already throws error when token contract returns false
Invalid, CQT is a standard ERC20, if transfer fails it will simply revert, the return value is not required to be explicitly checked
Anubis
high
Potential Loss of Funds due to Unchecked Return Value
Summary
The OperationalStaking contract interacts with the ERC20 token but does not check the return value of the safeTransfer and safeTransferFrom functions from the SafeERC20 library. This could lead to a false assumption of successful token transfer, potentially resulting in loss of funds or incorrect accounting.
Vulnerability Detail
The safeTransfer and safeTransferFrom functions from the SafeERC20 library are used to securely transfer ERC20 tokens. These functions internally call the transfer and transferFrom functions of the ERC20 token contract, which should return a boolean value indicating success or failure. However, the contract does not explicitly check these return values. If the token contract returns false or does not return a value, the OperationalStaking contract may incorrectly assume that the transfer was successful.
Impact
This vulnerability can lead to loss of funds or discrepancies in accounting, as the contract may assume a transfer has succeeded when it has actually failed. This can have severe implications, especially in functions related to reward distribution, staking, and unstaking, potentially affecting the integrity of the staking mechanism.
Code Snippet
https://github.com/sherlock-audit/2023-11-covalent/blob/main/cqt-staking/contracts/OperationalStaking.sol#L372-L381
Tool used
Manual Review
Recommendation
To mitigate this risk, ensure that the contract checks the return value of the safeTransfer and safeTransferFrom functions and reverts the transaction if the transfer is unsuccessful. You can use the require statement to assert successful transfer:
This change ensures that the contract's state remains consistent and that no actions are taken based on an incorrect assumption of successful token transfers.