sherlock-audit / 2024-04-teller-finance-judging


psb01 - Consider using safeTransfer/safeTransferFrom instead of transfer/transferFrom #288

Closed sherlock-admin3 closed 2 months ago

sherlock-admin3 commented 2 months ago

psb01

medium

Consider using safeTransfer/safeTransferFrom instead of transfer/transferFrom

Summary

Vulnerability Detail

It's advisable to include a require() statement that validates the return value of token transfers, or to use OpenZeppelin's safeTransfer or safeTransferFrom, unless you're confident that the token will revert on failure. Neglecting this precaution can lead to silent transfer failures, causing errors in token accounting within the contract.

Impact

Token transfer may fail silently without revert.

Code Snippet

https://github.com/sherlock-audit/2024-04-teller-finance/blob/main/teller-protocol-v2-audit-2024/packages/contracts/contracts/LenderCommitmentForwarder/extensions/LenderCommitmentGroup/LenderCommitmentGroup_Smart.sol#L313

https://github.com/sherlock-audit/2024-04-teller-finance/blob/main/teller-protocol-v2-audit-2024/packages/contracts/contracts/LenderCommitmentForwarder/extensions/LenderCommitmentGroup/LenderCommitmentGroup_Smart.sol#L412

https://github.com/sherlock-audit/2024-04-teller-finance/blob/main/teller-protocol-v2-audit-2024/packages/contracts/contracts/LenderCommitmentForwarder/extensions/LenderCommitmentGroup/LenderCommitmentGroup_Smart.sol#L446

https://github.com/sherlock-audit/2024-04-teller-finance/blob/main/teller-protocol-v2-audit-2024/packages/contracts/contracts/LenderCommitmentForwarder/extensions/LenderCommitmentGroup/LenderCommitmentGroup_Smart.sol#L459

https://github.com/sherlock-audit/2024-04-teller-finance/blob/main/teller-protocol-v2-audit-2024/packages/contracts/contracts/LenderCommitmentForwarder/extensions/FlashRolloverLoan_G5.sol#L111

Tool used

Manual Review

Recommendation

Use safeTransfer/safeTransferFrom or require() consistently.

Duplicate of #50