Tokens that return false on failed transfer is not supported
Summary
Tokens that return false on failed transfer is not supported.
Vulnerability Detail
We are allowing any standard token that would be compatible with Uniswap V3 to work with our codebase, just as was the case for the original audit of TellerV2.sol . The tokens are assumed to be able to work with Uniswap V3.
Weird tokens that do no revert on failed transfers and return false instead is compatible with Uniswap V3, but in code in many places return value not checked => false transfer will be accepted by protocol.
0xLogos
high
Tokens that return false on failed transfer is not supported
Summary
Tokens that return false on failed transfer is not supported.
Vulnerability Detail
Weird tokens that do no revert on failed transfers and return false instead is compatible with Uniswap V3, but in code in many places return value not checked => false transfer will be accepted by protocol.
Impact
False transfers and false repayments
Code Snippet
Search for ".transfer" here
https://github.com/sherlock-audit/2024-04-teller-finance/blob/defe55469a2576735af67483acf31d623e13592d/teller-protocol-v2-audit-2024/packages/contracts/contracts/TellerV2.sol#L911
Tool used
Manual Review
Recommendation
Use safeTransfer/safeTransferFrom
Duplicate of #50