sherlock-audit / 2024-04-teller-finance-judging


FastTiger - Locking Collateral in the Contract #256

Closed sherlock-admin4 closed 5 months ago

sherlock-admin4 commented 5 months ago

FastTiger

high

Locking Collateral in the Contract

Summary

Tokens will be permanently locked in the LenderCommitmentGroup_Smart contract if used as a principal token.

Vulnerability Detail

Certain ERC20 tokens, like BNB, return a bool value instead of reverting when transfer() and transferFrom() function calls fail. This can lead to transaction failures not being reverted, potentially resulting in loss of funds.

Impact

Failure of token transfers can lead to significant issues. For instance, using a token like BNB as the principal token may cause users to lose their poolShareToken.

Code Snippet

https://github.com/sherlock-audit/2024-04-teller-finance/blob/main/teller-protocol-v2-audit-2024/packages/contracts/contracts/LenderCommitmentForwarder/extensions/LenderCommitmentGroup/LenderCommitmentGroup_Smart.sol#L412

https://github.com/sherlock-audit/2024-04-teller-finance/blob/main/teller-protocol-v2-audit-2024/packages/contracts/contracts/LenderCommitmentForwarder/extensions/LenderCommitmentGroup/LenderCommitmentGroup_Smart.sol#L313

https://github.com/sherlock-audit/2024-04-teller-finance/blob/main/teller-protocol-v2-audit-2024/packages/contracts/contracts/LenderCommitmentForwarder/extensions/LenderCommitmentGroup/LenderCommitmentGroup_Smart.sol#L446

https://github.com/sherlock-audit/2024-04-teller-finance/blob/main/teller-protocol-v2-audit-2024/packages/contracts/contracts/LenderCommitmentForwarder/extensions/LenderCommitmentGroup/LenderCommitmentGroup_Smart.sol#L459

Tool used

Manual Review

Recommendation

Consider using OpenZeppelin's safeTransfer()/safeTransferFrom() functions, which can handle cases where the return value is missing.

Duplicate of #50