sherlock-audit / 2024-02-tapioca-judging


bareli - Some ERC20 can revert on a zero value transfer #106

Closed sherlock-admin4 closed 4 months ago

sherlock-admin4 commented 4 months ago

bareli

medium

Some ERC20 can revert on a zero value transfer

Summary

Not all ERC20 implementations are totally compliant, and some (e.g. LEND) may fail while transferring a zero amount.

Vulnerability Detail

    function emergencySaveTokens(address _token, uint256 _amount) external onlyOwner {
        if (_token == address(0)) {
            (bool sent,) = msg.sender.call{value: _amount}("");
            if (!sent) revert Failed();
            emit EmergencySaved(_token, _amount, true);
        } else {
    @>      IERC20(_token).safeTransfer(msg.sender, _amount);
            emit EmergencySaved(_token, _amount, false);
        }
    }

Impact

Not all ERC20 implementations are totally compliant, and some (e.g. LEND) may fail while transferring a zero amount.

Code Snippet

https://github.com/sherlock-audit/2024-02-tapioca/blob/main/TapiocaZ/contracts/Balancer.sol#L212

Tool used

Manual Review

Recommendation

    function emergencySaveTokens(address _token, uint256 _amount) external onlyOwner {
        // Skip the transfer entirely when there is nothing to send
    @>  if (_amount > 0) {
            if (_token == address(0)) {
                // Native currency path
                (bool sent,) = msg.sender.call{value: _amount}("");
                if (!sent) revert Failed();
                emit EmergencySaved(_token, _amount, true);
            } else {
                // ERC20 path
                IERC20(_token).safeTransfer(msg.sender, _amount);
                emit EmergencySaved(_token, _amount, false);
            }
        }
    }
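
The behaviour described in the report above, as an added example that is not part of the original issue or of the Tapioca code base. `ZeroRevertToken`, `Rescuer` and `Demo` are hypothetical names, and the mock token is constructed to reject zero-value transfers; it is not the code of any real token.

```solidity
pragma solidity ^0.8.20;

// Constructed mock: rejects zero-value transfers, the behaviour the report describes.
contract ZeroRevertToken {
    mapping(address => uint256) public balanceOf;

    constructor(address holder, uint256 supply) {
        balanceOf[holder] = supply;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        require(amount > 0, "zero-value transfer");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Hypothetical stand-in for the contract that holds the tokens.
contract Rescuer {
    address public immutable owner = msg.sender;

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // Forwards the amount unchecked, so a zero amount reaches the token.
    function rescueUnguarded(ZeroRevertToken token, uint256 amount) external onlyOwner {
        require(token.transfer(msg.sender, amount), "transfer failed");
    }

    // Skips the token call entirely when there is nothing to move.
    function rescueGuarded(ZeroRevertToken token, uint256 amount) external onlyOwner {
        if (amount > 0) {
            require(token.transfer(msg.sender, amount), "transfer failed");
        }
    }
}

// Harness: deploys both contracts and records how each path handles amount == 0.
contract Demo {
    function run() external returns (bool unguardedReverted, bool guardedOk) {
        Rescuer r = new Rescuer(); // Demo becomes the owner
        ZeroRevertToken t = new ZeroRevertToken(address(r), 100);
        try r.rescueUnguarded(t, 0) {} catch { unguardedReverted = true; }
        try r.rescueGuarded(t, 0) { guardedOk = true; } catch {}
    }
}
```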

maarcweiss commented 4 months ago

Invalid

nevillehuang commented 3 months ago

Invalid, such tokens were not mentioned to be supported in the contest details