In withdraw function of USDeSilo.sol there is one call calling ERC20 transfer function on USDe token. And itβs return value neither checked nor safeTransfer of SafeERC20 used . So whenever transfer fails then it will not revert. And result in wrong execution of withdraw function of USDeSilo.sol.
Since transfer is called upon USDe token which is made using openzeppelinβs ERC20 contract. So it will return true when transfer successful. It will not revert on failure.
28: function withdraw(address to, uint256 amount) external onlyStakingVault {
29: USDE.transfer(to, amount);//@audit return value should be checked OR use safeTransfer
30: }
Whenever transfer fails then it will not revert. And result in wrong execution of withdraw function of USDeSilo.sol.
Manual
Since it is USDe token which is made using openzeppelin ERC20 contract so for this return value should be checked because it will not revert on failure.
Token-Transfer
The text was updated successfully, but these errors were encountered:
All reactions