5 matches found
Solmate safetransfer and safetransferfrom do not check the codesize of the token address, which may lead to fund loss
Lines of code Vulnerability details In PirexGmx.sol and ERC4626Vault.sol, the contract uses the solmate library which does not check the existence of code at the token address. This is a known issue when using solmate's libraries. Reference: Impact Possible loss of funds and miscalculation. Proof...
Upgraded Q -> M from 47 [1655572104366]
Judge has assessed an item in Issue 47 as Medium risk. The relevant finding follows: 1. Unsafe use of transfer/transferFrom with IERC20 Some tokens do not implement the ERC20 standard properly but are still accepted by most code that accepts ERC20 tokens. For example Tether USDT's transfer and...
uToken's approve() Function is Susceptible to Frontrunning Attacks
Handle leastwood Vulnerability details Impact Order makers will call the approve function to facilitate transactions between order takers and makers. If a taker sees that a maker is seeking to reduce its order exposure by reducing Swivel.sol's allowance, a taker can frontrun this transaction to...
CompoundToNotionalV2.notionalCallback ERC20 return values not checked
Handle cmichel Vulnerability details Vulnerability Details Some tokens like USDT don't correctly implement the EIP20 standard and their transfer/transferFrom functions return void instead of a success boolean. Calling these functions with the correct EIP20 function signatures will always revert. S...
ERC20 return values not checked
Handle @cmichelio Vulnerability details Vulnerability Details The ERC20.transfer and ERC20.transferFrom functions return a boolean value indicating success. This parameter needs to be checked for success. Furthermore, some tokens like USDT don't correctly implement the ERC20 standard and don't...