Tokens will be permanently locked in the LenderCommitmentGroup_Smart contract if used as a principal token.
Vulnerability Detail
Certain ERC20 tokens, like BNB, return a bool value instead of reverting when transfer() and transferFrom() function calls fail. This can lead to transaction failures not being reverted, potentially resulting in loss of funds.
Impact
Failure of token transfers can lead to significant issues. For instance, using a token like BNB as the principal token may cause users to lose their poolShareToken.
FastTiger
high
Locking Collateral in the Contract
Summary
Tokens will be permanently locked in the LenderCommitmentGroup_Smart contract if used as a principal token.
Vulnerability Detail
Certain ERC20 tokens, like BNB, return a bool value instead of reverting when transfer() and transferFrom() function calls fail. This can lead to transaction failures not being reverted, potentially resulting in loss of funds.
Impact
Failure of token transfers can lead to significant issues. For instance, using a token like BNB as the principal token may cause users to lose their poolShareToken.
Code Snippet
https://github.com/sherlock-audit/2024-04-teller-finance/blob/main/teller-protocol-v2-audit-2024/packages/contracts/contracts/LenderCommitmentForwarder/extensions/LenderCommitmentGroup/LenderCommitmentGroup_Smart.sol#L412 https://github.com/sherlock-audit/2024-04-teller-finance/blob/main/teller-protocol-v2-audit-2024/packages/contracts/contracts/LenderCommitmentForwarder/extensions/LenderCommitmentGroup/LenderCommitmentGroup_Smart.sol#L313 https://github.com/sherlock-audit/2024-04-teller-finance/blob/main/teller-protocol-v2-audit-2024/packages/contracts/contracts/LenderCommitmentForwarder/extensions/LenderCommitmentGroup/LenderCommitmentGroup_Smart.sol#L446 https://github.com/sherlock-audit/2024-04-teller-finance/blob/main/teller-protocol-v2-audit-2024/packages/contracts/contracts/LenderCommitmentForwarder/extensions/LenderCommitmentGroup/LenderCommitmentGroup_Smart.sol#L459
Tool used
Manual Review
Recommendation
Consider using OpenZeppelin's
safeTransfer()/safeTransferFrom()
function, which can handle cases where the return value is missing.Duplicate of #50