bigbick123456789000
medium

Unchecked Transfer in topUp Function

Summary
The topUp function in the StakingRewardsManager contract lacks proper validation of the result of the transferFrom operation, potentially leading to vulnerabilities.

Vulnerability Detail
In the topUp function, the contract attempts to transfer ERC-20 tokens using the transferFrom function without checking the return value. The relevant code snippet is as follows:

This operation could be exploited by a malicious msg.sender to initiate a trade without sending any underlying tokens. If the transferFrom function fails but does not revert, the contract will proceed without detecting the failure.

Impact
The lack of proper validation for the success of the transferFrom operation can lead to potential financial losses, as the contract may proceed with topping up the staking contract even if the token transfer fails.

Code Snippet
Link

Tool used
Manual Review

Recommendation
It is essential to check the return value of the transferFrom function and revert the transaction if the transfer is unsuccessful. You can also consider using OpenZeppelin's library with safe versions of transfer functions.

Duplicate of #8
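The pattern described above, shown as an added example that is not the audited project's code: a minimal topUp that discards the transferFrom return value, the same function with the boolean checked, and a SafeERC20 version. The contract names, the `credited` accounting mapping and the `FalseReturningToken` mock are constructed for illustration; only `topUp` and `transferFrom` come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the StakingRewardsManager source. Names other than
// topUp and transferFrom are hypothetical.
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Shared state: the reward token, the staking contract that receives it,
/// and per-caller accounting of what the manager believes was topped up.
abstract contract TopUpBase {
    IERC20 public immutable rewardToken;
    address public immutable stakingContract;
    mapping(address => uint256) public credited;

    constructor(IERC20 token_, address staking_) {
        rewardToken = token_;
        stakingContract = staking_;
    }

    function topUp(uint256 amount) external virtual;
}

/// The reported pattern: the bool returned by transferFrom is ignored.
/// A token that returns false instead of reverting leaves `credited`
/// incremented while no tokens have moved.
contract UnsafeTopUp is TopUpBase {
    constructor(IERC20 t, address s) TopUpBase(t, s) {}

    function topUp(uint256 amount) external override {
        // BUG: return value discarded; a false return is not a revert.
        rewardToken.transferFrom(msg.sender, stakingContract, amount);
        credited[msg.sender] += amount; // accounting now diverges from balances
    }
}

/// Hardened form 1: check the boolean and revert on failure.
contract CheckedTopUp is TopUpBase {
    constructor(IERC20 t, address s) TopUpBase(t, s) {}

    function topUp(uint256 amount) external override {
        bool ok = rewardToken.transferFrom(msg.sender, stakingContract, amount);
        require(ok, "topUp: transferFrom failed");
        credited[msg.sender] += amount;
    }
}

/// Hardened form 2: OpenZeppelin SafeERC20. safeTransferFrom reverts on a
/// false return and also tolerates tokens that return no bool at all,
/// which a plain IERC20 call would reject.
contract SafeTopUp is TopUpBase {
    using SafeERC20 for IERC20;

    constructor(IERC20 t, address s) TopUpBase(t, s) {}

    function topUp(uint256 amount) external override {
        rewardToken.safeTransferFrom(msg.sender, stakingContract, amount);
        credited[msg.sender] += amount;
    }
}

/// Constructed mock for a local test: transferFrom always signals failure
/// by returning false and never moves a balance.
contract FalseReturningToken {
    mapping(address => uint256) public balanceOf;

    function transferFrom(address, address, uint256) external pure returns (bool) {
        return false;
    }
}
```

Deploying the three managers against `IERC20(address(new FalseReturningToken()))` and calling `topUp(1 ether)` shows the difference: UnsafeTopUp returns normally and reports `credited[caller] == 1 ether` while every balance stays zero; CheckedTopUp reverts with "topUp: transferFrom failed"; SafeTopUp reverts with SafeERC20's failed-operation error.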