sherlock-admin
commented
7 months ago 1 comment(s) were left on this issue during the judging contest.
0xAadi commented:
Invalid: Contract uses SafeTransferLib
Closed sherlock-admin closed 7 months ago
sherlock-admin
commented
7 months ago 1 comment(s) were left on this issue during the judging contest.
0xAadi commented:
Invalid: Contract uses SafeTransferLib
bigbick123456789000
medium
Lack of Explicit Error Handling in Token Transfers within _prepare and _fill Functions
Summary
The
_prepareand_fillfunctions within the provided smart contract do not include explicit error handling mechanisms to handle potential failures in token transfers. These functions are responsible for preparing and filling orders, respectively, including the transfer of input and output tokens. Without proper error handling, failed token transfers could lead to unexpected behaviour or loss of funds.Vulnerability Detail
The
_preparefunction is responsible for validating orders, injecting fees, and transferring input tokens in preparation for order fill. Similarly, the_fillfunction handles the actual filling of orders by transferring output tokens to their respective recipients.However, neither of these functions includes explicit error handling to manage potential failures during token transfers. In Solidity, when transferring tokens using the transfer function of an ERC20 token contract, if the transfer fails (e.g., due to insufficient balance or a revert condition within the token contract), it will revert the entire transaction in which it is called. This behaviour is by design to ensure atomicity and prevent partial state changes.
As a result, if any token transfer fails within the
_prepareor_fillfunctions, the entire transaction will revert, potentially causing unexpected behaviour and loss of gas fees.Impact
The lack of explicit error handling in token transfers within the
_prepareand_fillfunctions can lead to failed transactions and unexpected behaviour. It may result in users losing gas fees without achieving the intended operation, potentially causing frustration and financial loss.Code Snippet
#L208-L218
#L222-L243
#L270-L274
Tool used
Manual Review
Recommendation
Implement explicit error handling mechanisms within the
_prepareand_fillfunctions to handle potential failures in token transfers. This could involve checking the return values of token transfer functions and appropriately handling any errors or reverting with informative error messages.