Some ERC20 tokens do not conform to the standard of returning a boolean when transfer is called. If one of these tokens is included as a reward token, the withdraw function will be irrevocably broken, and users wonβt be able to collect their reward or their deposit tokens. The transferFrom function may work fine, so adding the token works, but withdrawing breaks.
See, impact, which pretty much explains it.
Manual Analysis
Use SafeERC20 library from OpenZeppelin for calling transfer.
The text was updated successfully, but these errors were encountered:
All reactions