Code4rena: CODE423N4:2022-01-BEHODLER-FINDINGS-ISSUES-1
Jan 27, 2022 - 12:00 a.m.

transferAndCall sends tokens twice

Code4rena
github.com

Handle

cccz

Vulnerability details

Impact

The Flan contract inherits from the ERC677 contract. The transferAndCall function of the ERC677 contract calls both super.transfer and _transfer, which causes the tokens to be sent twice.

    function transferAndCall(
        address _to,
        uint256 _value,
        bytes memory _data
    ) public returns (bool success) {
        super.transfer(_to, _value);
        _transfer(msg.sender, _to, _value);
        if (isContract(_to)) {
            contractFallback(_to, _value, _data);
        }
        return true;
    }

Proof of Concept
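
The double send can be pinned down with a balance check. The following is an added example, not code from the original report or from the Behodler repository: `MiniERC20`, `DoubleSend`, `SingleSend`, `BalanceCheck` and the amounts are constructed for illustration, and the receiver callback is omitted. For a requested transfer of 100, `receivedVulnerable()` returns twice that amount and `receivedFixed()` returns exactly that amount.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed minimal token: only the ERC20 state needed to show the accounting.
contract MiniERC20 {
    mapping(address => uint256) public balanceOf;

    constructor() { balanceOf[msg.sender] = 1000; } // deployer is funded

    function _transfer(address from, address to, uint256 value) internal {
        require(balanceOf[from] >= value, "insufficient balance");
        balanceOf[from] -= value;
        balanceOf[to] += value;
    }

    function transfer(address to, uint256 value) public virtual returns (bool) {
        _transfer(msg.sender, to, value);
        return true;
    }
}

// Same two calls as the reported transferAndCall.
contract DoubleSend is MiniERC20 {
    function transferAndCall(address to, uint256 value, bytes memory) public returns (bool) {
        super.transfer(to, value);        // first debit/credit
        _transfer(msg.sender, to, value); // second debit/credit
        return true;
    }
}

// With the recommended mitigation: a single _transfer.
contract SingleSend is MiniERC20 {
    function transferAndCall(address to, uint256 value, bytes memory) public returns (bool) {
        _transfer(msg.sender, to, value);
        return true;
    }
}

// Harness: deploys each token (so it holds the balance) and reports what the recipient got.
contract BalanceCheck {
    address constant RECIPIENT = address(0xBEEF); // constructed address

    function receivedVulnerable() external returns (uint256) {
        DoubleSend t = new DoubleSend();
        t.transferAndCall(RECIPIENT, 100, "");
        return t.balanceOf(RECIPIENT);
    }
    function receivedFixed() external returns (uint256) {
        SingleSend t = new SingleSend();
        t.transferAndCall(RECIPIENT, 100, "");
        return t.balanceOf(RECIPIENT);
    }
}
```

In the vulnerable variant, a call for more than half of the sender's balance reverts on the second `_transfer` instead of completing.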

Tools Used

None

Recommended Mitigation Steps

    function transferAndCall(
        address _to,
        uint256 _value,
        bytes memory _data
    ) public returns (bool success) {
-      super.transfer(_to, _value);
        _transfer(msg.sender, _to, _value);
        if (isContract(_to)) {
            contractFallback(_to, _value, _data);
        }
        return true;
    }
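
Review bot: the fixed `transferAndCall` still returns `true` unconditionally and the change carries no regression test for the accounting; add a test asserting that one call lowers the sender's balance by exactly `_value` and raises the recipient's by exactly `_value`. The remaining `_transfer(msg.sender, _to, _value)` line goes straight to the internal function, so any logic a derived contract places in an overridden `transfer` would not run on this path; confirm that is intended before dropping `super.transfer`.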
