Use of transferFrom() instead of safeTransferFrom()
Summary
transferFrom() is used without checking the return value.
Vulnerability Detail
The topUp() function transfers the rewardToken from the source to the staking reward contracts using the transferFrom() function. A token transfer might fail (e.g. not enough tokens are approved) and return false, but the return value is never checked in the code.
Impact
If a token transfer fails, the topUp() function might not revert and will continue execution, calling notifyRewardAmount() on the staking contracts.
zzykxx
medium
Code Snippet
Tool used
Manual Review
Recommendation
Use OpenZeppelin safeTransferFrom() instead of transferFrom(); if a transfer fails, the function will always revert.
Duplicate of #8
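The unchecked call and the recommended fix side by side, as an added example that is not the audited project's code. The contract name, function signatures, owner check and IStakingRewards interface are assumptions; only topUp(), rewardToken, source, transferFrom(), safeTransferFrom() and notifyRewardAmount() come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical minimal interface for a staking reward contract.
interface IStakingRewards {
    function notifyRewardAmount(uint256 reward) external;
}

// Hypothetical reduction of the reward distributor described in the finding.
contract RewardTopUp {
    using SafeERC20 for IERC20;

    IERC20 public immutable rewardToken;
    address public immutable owner; // assumed caller restriction, not from the report

    constructor(IERC20 rewardToken_) {
        rewardToken = rewardToken_;
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // Pattern from the finding: if the token returns false instead of
    // reverting, the return value is discarded and notifyRewardAmount()
    // is still called although no tokens reached the staking contract.
    function topUpUnchecked(address source, IStakingRewards staking, uint256 amount) external onlyOwner {
        rewardToken.transferFrom(source, address(staking), amount); // return value ignored
        staking.notifyRewardAmount(amount);
    }

    // Recommended pattern: SafeERC20.safeTransferFrom() reverts when the call
    // fails or returns false, and accepts tokens that return no data at all,
    // so notifyRewardAmount() runs only after a successful transfer.
    function topUpChecked(address source, IStakingRewards staking, uint256 amount) external onlyOwner {
        rewardToken.safeTransferFrom(source, address(staking), amount);
        staking.notifyRewardAmount(amount);
    }
}
```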