Lucene search
K

33 matches found

Code423n4
Code423n4
added 2023/12/20 12:0 a.m.11 views

Return values of transfer()/transferFrom() not checked

Lines of code 377, 509, 491, 530, 42, 50 Vulnerability details Not all IERC20 implementations revert when there's a failure in transfer/transferFrom. The function signature has a boolean return value and they indicate errors that way instead. By not checking the return value, operations that shou...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/12/20 12:0 a.m.14 views

Return values of transfer()/transferFrom() not checked

Lines of code 377, 509, 491, 530, 42, 50 Vulnerability details Not all IERC20 implementations revert when there's a failure in transfer/transferFrom. The function signature has a boolean return value and they indicate errors that way instead. By not checking the return value, operations that shou...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/12/12 12:0 a.m.7 views

Unsafe use of approve() with IERC20

Lines of code 321, 215, 184, 450, 761, 217, 157, 234, 339, 386https://github.com/Tapioca-DAO/t...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2023/12/12 12:0 a.m.10 views

Return values of transfer()/transferFrom() not checked

Lines of code 377, 509, 491, 530, 42, 50 Vulnerability details Not all IERC20 implementations revert when there's a failure in transfer/transferFrom. The function signature has a boolean return value and they indicate errors that way instead. By not checking the return value, operations that shou...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/12/12 12:0 a.m.11 views

Interface improperly implemented

Lines of code 34, 34, 34, 34, 30, 31, 32, 34, 35, 38https://github.com/Tapioca-DAO/tapioca-yieldbox-strategies-audi...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/11/29 12:0 a.m.10 views

Return values of transfer()/transferFrom() not checked

Lines of code 377, 509, 491, 530, 42, 50 Vulnerability details Impact Not all IERC20 implementations revert when there's a failure in transfer/transferFrom. The function signature has a boolean return value and they indicate errors that way instead. By not checking the return value, operations th...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/11/29 12:0 a.m.8 views

Unsafe use of approve() with IERC20

Lines of code 321, 215, 184, 450, 761, 217, 157, 234, 339, 386https://github.com/Tapioca-DAO/t...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2023/11/29 12:0 a.m.6 views

Unsafe use of transfer()/transferFrom() with IERC20

Lines of code 377, 509, 491, 530, 42, 50 Vulnerability details Impact Some tokens do not implement the ERC20 standard properly but are still accepted by most code that accepts ERC20 tokens. For example Tether USDT's transfer and transferFrom functions on L1 do not return booleans as the...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2023/11/10 12:0 a.m.10 views

No token whitelist leaves rageQuit() vulnerable to malicious ERC20 token contracts

Lines of code Vulnerability details A malicious actor can exploit the PartyGovernanceNFT.sol::rageQuit function by specifying a malicious IERC20 contract in the withdrawTokens array. The malicious contract could "donate" tokens to the proxy contract to pass the balance check here and when the...

7.8AI score
Exploits0
Code423n4
Code423n4
added 2023/05/22 12:0 a.m.9 views

Verify the correspondence between trading pairs and pools

Lines of code Vulnerability details Impact It may cause the correct ProjectToken to be locked, and transfer the wrong ProjectToken to the beneficiary. Proof of Concept Add test USDC after line 78 in the test file. IERC20 usdc = IERC200xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48; Modify line 142...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/02/07 12:0 a.m.7 views

Out of gas for view function

Lines of code Vulnerability details Impact View function return's array of IERC20. There is no limit for this array Proof of Concept In one time owner of contract can add too much token's and it would take more and more gas to return this transation. Allocation in memory is not so cheap. After 20...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/01/19 12:0 a.m.7 views

Incorrect Trade Settlement in settleTrade() function

Lines of code Vulnerability details Impact /// Settle a single trade, expected to be used with multicall for efficient mass settlement /// @custom:refresher function settleTradeIERC20 sell external; This function takes in only a single IERC20 token as a parameter, with no other information about...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/12/19 12:0 a.m.10 views

Orders may not be fillable due to missing approvals

Lines of code Vulnerability details Not all IERC20 implementations revert when there's a failure in approve. If one of these tokens returns false, there is no check for whether this has happened during the order listing validation, so it will only be detected when the order is attempted. Impact I...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/12/16 12:0 a.m.10 views

IERC20.transfer does not support all ERC20 token

Lines of code Vulnerability details Impact Proof of Concept Token like USDT known for using non-standard ERC20. Missing return boolean on transfer. Contract function handleDeposit will always revert when try to transferfrom this kind of tokens. Tools Used manual review Recommended Mitigation Step...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/12/16 12:0 a.m.15 views

Ignored return value from "IERC20.transferFrom()"

Lines of code Vulnerability details Impact The return value from IERC20.transferFrom in "StableVault" was not checked, a malicious actor could first deposit a number of tokens without actually having it and then subsequently withdraw that amount of tokens from the "StableVault" Proof of Concept...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/12/16 12:0 a.m.14 views

ERC20 approvals may need to be set to 0 beforehand

Lines of code Vulnerability details Impact There are some instances where there is an ERC20 approval for a max uint256 amount. ERC20 tokens such as USDT require the address allowance to be set to 0 beforehand, so this would cause reverts for those tokens. Proof of Concept -Token such as USDT gets...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/09/25 12:0 a.m.18 views

IERC20.transfer doesn't support all ERC20 tokens

Lines of code Vulnerability details Impact IERC20.transfer doesn't support all ERC20 tokens in the function recoverERC20. Proof of Concept In the contract frxETHMinter, the function recoverERC20 is used to recover ERC20 tokens, if someone accidentally sent some of them in the contract. However...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/08/15 12:0 a.m.9 views

Unsafe use of transfer()/transferFrom() with IERC20

Lines of code Vulnerability details Impact Some tokens do not implement the ERC20 standard properly but are still accepted by most code that accepts ERC20 tokens. For example Tether USDT's transfer and transferFrom functions do not return booleans as the specification requires, and instead have n...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/08/03 12:0 a.m.9 views

Not calling approve(0) before setting a new approval causes the call to revert when used with some tokens

Lines of code Vulnerability details Not calling approve0 before setting a new approval causes the call to revert when used with Tether USDT Impact Some tokens like USDT do not work when changing the allowance from an existing non-zero allowance value it will revert if the current approval is not...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/07/08 12:0 a.m.11 views

Use of IERC20.transfer() instead of SafeERC20.safeTransfer()

Lines of code Vulnerability details Impact There are multiple external calls to IERC20.transfer and IERC20.transfer in contracts that suppose to transfer out tokens from/to the system. However, there are tokens like USDT that don't return any return value in their implementation of the transfer...

6.8AI score
Exploits0
Rows per page
Query Builder