Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
code423n4Code4renaCODE423N4:2022-06-YIELDY-FINDINGS-ISSUES-206
HistoryJun 26, 2022 - 12:00 a.m.

Unsafe transferFrom()

2022-06-2600:00:00
Code4rena
github.com
6
vulnerability
impact
proof of concept
transferfrom
revert
user
migration
funds
implement
check
mitigation
JSON

Lines of code

Vulnerability details

Impact

Yieldy.transferFrom() returns false on failure instead of reverting.
This might lead to moveFundsToUpgradedContract() incorrectly unstaking and restaking tokens, potentially causing user or Migration.sol to lose funds depending on NEW_CONTRACT and OLD_CONTRACT implementations.

#Proof of Concept

        IYieldy(OLD_YIELDY_TOKEN).transferFrom(
            msg.sender,
            address(this),
            userWalletBalance
        );

No check for boolean return value from transferFrom()

Tools Used

Manual Review

Recommended Mitigation Steps

Implement a check on the return value of transferFrom().

The text was updated successfully, but these errors were encountered:

All reactions

JSON