Lucene search
K

9 matches found

Code423n4
Code423n4
added 2023/08/07 12:0 a.m.13 views

UNCHECKED TRANSFER

Lines of code Vulnerability details Impact Some tokens do not revert the transaction when transferFrom fails and returns False. Hence we must check the return value after calling the transfer or transferFrom function. Proof of Concept Check the last answer here: In short: Using...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/07/05 12:0 a.m.10 views

In MulticallRootRouter.sol, approve function can fail for non standard ERC20 tokens like USDT

Lines of code Vulnerability details Impact Some tokens like USDT do not work when changing the allowance from an existing non-zero allowance value. For example Tether USDT’s approve function will revert if the current approval is not zero, to protect against front-running changes of approvals. Li...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/05/08 12:0 a.m.15 views

Protocol unusable for some ERC20 tokens (bad tokens)

Lines of code Vulnerability details Impact Protocol unusable for some ERC20 tokens bad tokens PoC Some tokens don't correctly implement the EIP20 standard and their transfer/transferFrom return void The so called bad tokens. More info This makes the transaction revert when calling. Recommended Us...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/05/02 12:0 a.m.14 views

ERC20 tokens with no return value will fail to transfer

Lines of code Vulnerability details Although the ERC20 standard suggests that a transfer should return true on success, many tokens are non-compliant in this regard including high profile, like USDT . In that case, the .transfer call here will revert even if the transfer is successful, because...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/03/31 12:0 a.m.14 views

approve and safeApprove Should Approve the Zero Amount First

Lines of code Vulnerability details Impact The PooledCreditLine.sol and LenderPool.sol contracts approve the strategy contract on the collateral or borrow assets before depositing funds. This allows the strategy contracts to transfer on behalf of these contracts, pulling assets out from the pool...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/02/17 12:0 a.m.4 views

Non-Standard ERC20 Tokens Are Not Supported

Lines of code Vulnerability details Impact There are several contracts which do not utilise OpenZeppelin's SafeERC20 library when performing token transfers. The Redacted Cartel suite of smart contracts intends to support bribes from all tokens, including non-standard tokens such as USDT which do...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/11/10 12:0 a.m.16 views

Unsafe token transfer

Handle WatchPug Vulnerability details Calling ERC20.transfer without handling the returned value is unsafe. function processWithdrawal uint era, uint day, address member private returns uint value uint memberUnits = mapEraDayMemberUnitseradaymember; // Get Member Units if memberUnits == 0 value =...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/07/21 12:0 a.m.12 views

No ERC20 safe* versions called

Handle cmichel Vulnerability details Some tokens like USDT don't correctly implement the EIP20 standard and their transfer/transferFrom function return void instead of a success boolean. Calling these functions with the correct EIP20 function signatures will always revert. This is generally not a...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/06/30 12:0 a.m.13 views

No check transferFrom() return value

Handle s1m0 Vulnerability details Impact The smart contract doesn't check the return value of token.transfer and token.transferFrom, some erc20 token might not revert in case of error but return false. In the TracerPerpetualSwaps:deposit and Insurance:deposit this would allow a user to deposit fo...

6.9AI score
Exploits0
Rows per page
Query Builder