Code4rena: 2021-07-WILDCREDIT findings, issue 67
Published Jul 13, 2021

safeTransferFrom in TransferHelper is not safeTransferFrom

Source: Code4rena (github.com)
Tags: transferhelper, safetransferfrom, non-standard erc20, counterpart deposit, usdt/dai pool, safeerc20, openzeppelin, hardhat

Handle

jonah1005

Vulnerability details

Impact

A non-standard ERC20 token (one whose transferFrom does not return a bool, as USDT does not) always reverts when _safeTransferFrom is called on it. If a user creates a USDT/DAI pool and deposits into it, they will find that the USDT side can never be deposited, so the pool never receives its counterpart deposit.

Proof of Concept

TransferHelper does not use the SafeERC20 library, as the function name implies. It calls transferFrom through the IERC20 interface, whose ABI promises a bool return value, so when a token returns no data the ABI decoder reverts with "function returned an unexpected amount of data" instead of treating the transfer as successful.

A sample PoC (web3.py script run against a Hardhat node; usdt and lending_pair are the deployed contract objects, w3 the web3 instance and deposit_amount the amount to deposit):

# approve the lending pair for the deposit, then deposit USDT; the deposit reverts inside _safeTransferFrom
usdt.functions.approve(lending_pair.address, deposit_amount).transact({'from': w3.eth.accounts[0]})
lending_pair.functions.deposit(w3.eth.accounts[0], usdt.address, deposit_amount).transact({'from': w3.eth.accounts[0]})

Error Message:

  Error: Transaction reverted: function returned an unexpected amount of data
      at LendingPair._safeTransferFrom (contracts/TransferHelper.sol:20)
      at LendingPair.deposit (contracts/LendingPair.sol:95)

Tools Used

Hardhat

Recommended Mitigation Steps

Use OpenZeppelin's SafeERC20 in TransferHelper (and in any other contract that calls transfer, transferFrom or approve through IERC20), so that tokens which return no value and tokens which return false instead of reverting are both handled correctly.
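To make the failure in the proof of concept and the recommended fix concrete, here is an added Solidity example that is not the wildcredit project's code: a constructed USDT-style token whose transferFrom returns no value, and a hypothetical helper contract with three variants of the transfer: the failing pattern described above, the OpenZeppelin SafeERC20 call the mitigation recommends, and a hand-written low-level equivalent that shows why SafeERC20 accepts the non-standard token. Contract and function names (NoReturnToken, TransferHelperExample, unsafeTransferFrom, fixedTransferFrom, manualSafeTransferFrom) are assumptions for the example; the import paths are those of OpenZeppelin Contracts 4.x.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the project's code. Import paths assume OpenZeppelin Contracts 4.x.
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Constructed mock of a USDT-style token: transferFrom returns nothing, so a
// call typed as `transferFrom(...) returns (bool)` reverts while decoding the
// (empty) return data instead of reporting success.
contract NoReturnToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    constructor() {
        balanceOf[msg.sender] = 1_000_000;
    }

    function approve(address spender, uint256 amount) external {
        allowance[msg.sender][spender] = amount;
    }

    // Deliberately declares no return value, like USDT.
    function transferFrom(address from, address to, uint256 amount) external {
        require(allowance[from][msg.sender] >= amount, "allowance");
        require(balanceOf[from] >= amount, "balance");
        allowance[from][msg.sender] -= amount;
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
    }
}

// Hypothetical helper contract used only to contrast the three patterns.
contract TransferHelperExample {
    using SafeERC20 for IERC20;

    // Failing pattern: the IERC20 ABI promises a bool, NoReturnToken returns
    // 0 bytes, and the high-level call reverts with
    // "function returned an unexpected amount of data".
    function unsafeTransferFrom(address token, address from, address to, uint256 amount) external {
        require(IERC20(token).transferFrom(from, to, amount), "transferFrom failed");
    }

    // Recommended fix: SafeERC20 performs a low-level call and accepts either
    // no return data or a decoded `true`; anything else reverts.
    function fixedTransferFrom(address token, address from, address to, uint256 amount) external {
        IERC20(token).safeTransferFrom(from, to, amount);
    }

    // What SafeERC20 does underneath, written out by hand so the check is
    // visible: require a contract at `token`, a successful call, and either
    // empty return data or an ABI-encoded true.
    function manualSafeTransferFrom(address token, address from, address to, uint256 amount) external {
        require(token.code.length > 0, "not a contract");
        (bool ok, bytes memory data) = token.call(
            abi.encodeWithSelector(IERC20.transferFrom.selector, from, to, amount)
        );
        require(ok, "transferFrom reverted");
        require(data.length == 0 || abi.decode(data, (bool)), "transferFrom returned false");
    }
}
```

Deploy NoReturnToken, approve TransferHelperExample for an amount, then call each variant from the token holder: unsafeTransferFrom reverts with the same decoding error seen in the Hardhat trace above, while fixedTransferFrom and manualSafeTransferFrom move the balance. The hand-written version also makes clear why the `token.code.length` check matters: a plain call to an address with no code succeeds with empty return data, which would otherwise be indistinguishable from a USDT-style success.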

