Code4rena (code423n4), CODE423N4:2022-06-YIELDY-FINDINGS-ISSUES-206
Jun 26, 2022 - 12:00 a.m.

Unsafe transferFrom()

Code4rena
github.com

Lines of code

Vulnerability details

Impact

Yieldy.transferFrom() returns false on failure instead of reverting.
This might lead to moveFundsToUpgradedContract() incorrectly unstaking and restaking tokens, potentially causing the user or Migration.sol to lose funds, depending on the NEW_CONTRACT and OLD_CONTRACT implementations.

Proof of Concept

        IYieldy(OLD_YIELDY_TOKEN).transferFrom(
            msg.sender,
            address(this),
            userWalletBalance
        );

The boolean return value of transferFrom() is not checked.

Tools Used

Manual Review

Recommended Mitigation Steps

Implement a check on the return value of transferFrom().
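
The difference between ignoring and checking the return value, as an added example that is not code from the Yieldy repository or from the finding's author. Every contract and function name below is hypothetical, and the `credited` mapping only stands in for the unstake/restake steps that follow the transfer.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

// Added illustration; every name here is hypothetical, not from the Yieldy code base.
interface IFalseOnFailToken {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Constructed token that, like the behaviour described in the finding,
// returns false on failure instead of reverting.
contract FalseOnFailToken is IFalseOnFailToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }
    function approve(address spender, uint256 amount) external { allowance[msg.sender][spender] = amount; }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        if (balanceOf[from] < amount || allowance[from][msg.sender] < amount) {
            return false; // failure is signalled only through the return value
        }
        allowance[from][msg.sender] -= amount;
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

contract MigrationSketch {
    IFalseOnFailToken public immutable token;
    mapping(address => uint256) public credited; // stands in for the unstake/restake steps

    constructor(IFalseOnFailToken token_) { token = token_; }

    // Unchecked: a failed pull is ignored and the caller is still credited.
    function migrateUnchecked(uint256 amount) external {
        token.transferFrom(msg.sender, address(this), amount);
        credited[msg.sender] += amount;
    }

    // Checked: a false return reverts before any later step runs.
    function migrateChecked(uint256 amount) external {
        bool ok = token.transferFrom(msg.sender, address(this), amount);
        require(ok, "transferFrom failed");
        credited[msg.sender] += amount;
    }
}
```

With a caller that holds no balance or has given no allowance, `migrateUnchecked` completes and records the credit even though no tokens moved, while `migrateChecked` reverts.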

