Use safeTransfer/safeTransferFrom consistently instead of transfer/transferFrom #8
Labels
Comments
|
Agree wth finding, safeErc20 ftw |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Handle
defsec
Vulnerability details
Impact
It is good to add a require() statement that checks the return value of token transfers or to use something like OpenZeppelin’s safeTransfer/safeTransferFrom unless one is sure the given token reverts in case of a failure. Failure to do so will cause silent failures of transfers and affect token accounting in contract.
Reference: This similar medium-severity finding from Consensys Diligence Audit of Fei Protocol: https://consensys.net/diligence/audits/2021/01/fei-protocol/#unchecked-return-value-for-iweth-transfer-call
Proof of Concept
Tools Used
Code Review
Recommended Mitigation Steps
Consider using safeTransfer/safeTransferFrom or require() consistently.
The text was updated successfully, but these errors were encountered: