Code4rena CODE423N4:2022-05-FACTORYDAO-FINDINGS-ISSUES-286
May 08, 2022 - 12:00 a.m.

Not all ERC20 tokens return boolean on transfer

Code4rena
github.com

Lines of code

Vulnerability details

Impact

Some ERC20 tokens do not conform to the standard of returning a boolean when transfer is called. If one of these tokens is included as a reward token, the withdraw function will be irrevocably broken, and users won’t be able to collect their reward or their deposit tokens. The transferFrom function may work fine, so adding the token works, but withdrawing breaks.

Proof of Concept

See Impact, which pretty much explains it.

Tools Used

Manual Analysis

Recommended Mitigation Steps

Use SafeERC20 library from OpenZeppelin for calling transfer.
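
A minimal reproduction of the failure and the recommended fix, added here as an illustration and not taken from the FactoryDAO code base or the original report. `NoReturnToken`, `RewardPayout`, `withdrawUnsafe` and `withdrawSafe` are hypothetical names, and the import paths assume the `@openzeppelin/contracts` package is installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Constructed test token: transfer() moves balances but returns no data,
// which is the non-conforming behaviour the finding describes.
contract NoReturnToken {
    mapping(address => uint256) public balanceOf;

    constructor() {
        balanceOf[msg.sender] = 1_000_000e18;
    }

    function transfer(address to, uint256 amount) external {
        balanceOf[msg.sender] -= amount; // reverts on underflow in 0.8.x
        balanceOf[to] += amount;
    }
}

// Hypothetical payout contract (an assumption for illustration only).
contract RewardPayout {
    using SafeERC20 for IERC20;

    // Breaks with NoReturnToken: IERC20.transfer is declared `returns (bool)`,
    // so the compiler ABI-decodes 32 bytes of return data after the call.
    // The token returns 0 bytes, the decode reverts, and the whole withdrawal
    // is rolled back even though the token's own transfer logic succeeded.
    function withdrawUnsafe(IERC20 token, address to, uint256 amount) external {
        require(token.transfer(to, amount), "transfer failed");
    }

    // Works with both conforming and no-return tokens: safeTransfer makes a
    // low-level call, accepts empty return data, and reverts only when the
    // call itself fails or the token explicitly returns false.
    function withdrawSafe(IERC20 token, address to, uint256 amount) external {
        token.safeTransfer(to, amount);
    }
}
```

Funding `RewardPayout` with `NoReturnToken` and calling both functions shows `withdrawUnsafe` reverting on every call while `withdrawSafe` pays out.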

