In the ChilizWrappedERC20::withdrawTo function, if the transfer fails, it will result in the tokens being incorrectly burnt first.
Summary:
In the ChilizWrappedERC20::withdrawTo function, the business logic burns the tokens first and then transfers them. If the token transfer fails, the entire transaction is rolled back, which will result in the previous tokens being incorrectly burnt.
Vulnerability Detail
Error scenario:
The user wants to call withdrawTo to withdraw a certain amount of tokens and transfer them to a specified account.
However, it is required to burn a certain amount of tokens first and then transfer a certain amount of tokens to the specified account.
At this point, if the token transfer fails and the transaction is rolled back, it will result in the previous tokens being incorrectly burnt.
Impact
If the token transfer fails, the previously burnt tokens will have been burnt incorrectly.
0x996
medium
Code Snippet:
https://github.com/sherlock-audit/2024-02-jala-swap/blob/main/jalaswap-dex-contract/contracts/utils/ChilizWrappedERC20.sol#L45-L55
Tool used
Manual Review
Recommendation:
The correct order is to transfer the tokens first and then burn them.