M-6 Solmate's SafeTransferLib does not check for token contract's existence
Summary
Vulnerability Detail
There is a subtle difference between the implementation of solmate’s SafeTransferLib and OZ’s SafeERC20: OZ’s SafeERC20 checks if the token is a contract or not, solmate’s SafeTransferLib does not.
https://github.com/transmissions11/solmate/blob/main/src/utils/SafeTransferLib.sol#L9@dev Note that none of the functions in this library check that a token has code at all! That responsibility is delegated to the caller
0xjoi
Medium
M-6 Solmate's SafeTransferLib does not check for token contract's existence
Summary
Vulnerability Detail
There is a subtle difference between the implementation of solmate’s SafeTransferLib and OZ’s SafeERC20: OZ’s SafeERC20 checks if the token is a contract or not, solmate’s SafeTransferLib does not. https://github.com/transmissions11/solmate/blob/main/src/utils/SafeTransferLib.sol#L9
@dev Note that none of the functions in this library check that a token has code at all! That responsibility is delegated to the callerImpact
Code Snippet
Instances (2):
Tool used
Manual Review
Recommendation