Open sherlock-admin2 opened 3 weeks ago
bareli
Medium
Use `safeTransfer` instead of `transfer`
Summary
Not all ERC20 tokens return or revert on transfer, which may cause the tokens to get stuck.
Root Cause
https://github.com/sherlock-audit/2024-10-ethos-network/blob/main/ethos/packages/contracts/contracts/EthosReview.sol#L449

```solidity
function withdrawFunds(address paymentToken) external onlyOwner {
    if (paymentToken == address(0)) {
        payable(msg.sender).transfer(address(this).balance);
    } else {
        IERC20(paymentToken).transfer(msg.sender, IERC20(paymentToken).balanceOf(address(this)));
    }
}
```
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
Tokens may get stuck.
PoC
No response
Mitigation
Use `safeTransfer` and `safeTransferFrom`.
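
The mitigation above as an added example, not code from the Ethos repository: `withdrawFunds` routed through a hand-written `_safeTransfer` that performs the checks a wrapper such as OpenZeppelin's `SafeERC20.safeTransfer` performs. `SafeWithdrawExample`, `IERC20Minimal`, `_safeTransfer` and the error names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example; only withdrawFunds mirrors a name from the report.
interface IERC20Minimal {
    function balanceOf(address account) external view returns (uint256);
}

contract SafeWithdrawExample {
    address public immutable owner;

    error NotOwner();
    error TokenTransferFailed(address token);

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    receive() external payable {}

    // Low-level call so that tokens returning nothing do not break ABI decoding,
    // and tokens returning false do not pass silently.
    function _safeTransfer(address token, address to, uint256 amount) internal {
        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSignature("transfer(address,uint256)", to, amount)
        );
        if (!ok) revert TokenTransferFailed(token);
        if (ret.length == 0) {
            // No return value: accept only if the target is a contract.
            if (token.code.length == 0) revert TokenTransferFailed(token);
        } else if (!abi.decode(ret, (bool))) {
            // Token signalled failure by returning false instead of reverting.
            revert TokenTransferFailed(token);
        }
    }

    function withdrawFunds(address paymentToken) external onlyOwner {
        if (paymentToken == address(0)) {
            // Native-coin branch left as in the reported function.
            payable(msg.sender).transfer(address(this).balance);
        } else {
            uint256 bal = IERC20Minimal(paymentToken).balanceOf(address(this));
            _safeTransfer(paymentToken, msg.sender, bal);
        }
    }
}
```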