Some ERC20 tokens (USDT, BNB, OMG) do not return a boolean on succesful transfer. Checking the returned value of transfer for these tokens will always fail.
Usage of ERC20 interface and require statement in PA1D.sol.
<https://github.com/code-423n4/2022-10-holograph/blob/main/contracts/enforcer/PA1D.sol#L439>
Implement a custom function to transfer tokens by checking if the contract exist and making a a low level call using the ERC20 interface selector. E.g.
function _safeTransfer(address token, address to, uint256 value) private {
require(token.code.length > 0);
(bool success, bytes memory data) =
token.call(abi.encodeWithSelector(ERC20.transfer.selector, to, value));
require(success && (data.length == 0 || abi.decode(data, (bool))));
}
Alternatively, use OpenZeppelin SafeERC20.
The text was updated successfully, but these errors were encountered:
All reactions