97 matches found
Tokens Can Be Stolen By Frontrunning VestedRewardPool.vest() and VestedRewardPool.lock()
Handle leastwood Vulnerability details Impact The VestedRewardPool.sol contract is a public facing contract aimed at vesting tokens for a minimum of 90 days before allowing the recipient to withdraw their mochi. The vest function does not utilise safeTransferFrom to ensure that vested tokens are...
exitZcTokenFillingZcTokenInitiate in Swivel.sol, token transfer may fail without function reverting
Handle GalloDaSballo Vulnerability details Impact exitZcTokenFillingZcTokenInitiate in Swivel.sol uses transferFrom this function can failmeaning tokens are not transferred,without causing a revert. This can break the accounting of the protocol The reason why this can happen is that certain ERC20...
Swivel.sol transfer of tokens in initiateZcTokenFillingZcTokenExit and initiateVaultFillingVaultExit can fail without reverting causing account problems
Handle GalloDaSballo Vulnerability details Impact initiateZcTokenFillingZcTokenExit and initiateVaultFillingVaultExit in Swivel.sol are using transferFrom This function call can fail meaning the tokens are not transferred without causing a revert This would break the accounting in the protocol I...
Erc20.transferFrom() return value is ignored
Handle pants Vulnerability details According to the ERC-20 Token Standard, the function transferFrom returns false on failure. However, the return value of Erc20.transferFrom is ignored 11 times: 1. In Swivel.initiateVaultFillingZcTokenInitiate, line 103. 2. In...
Inconsistent balance when supplying transfer-on-fee or deflationary tokens
Handle shw Vulnerability details Impact The supplyTokenTo function of SwappableYieldSource assumes that amount of depositToken is transferred to itself after calling the safeTransferFrom function and thus it supplies amount of token to the yield source. However, this may not be true if the...
redeemToken sends tokens with safeTransferFrom
Handle pauliax Vulnerability details Impact function redeemToken sends tokens to the msg.sender by using safeTransferFrom: depositToken.safeTransferFromaddressthis, msg.sender, redeemableBalance; For safeTransferFrom to work it needs to have an enough approval. In this case, obviously this contra...
supplyTokenTo doesn't account for safeTransferFrom fees
Handle gpersoon Vulnerability details Impact The function supplyTokenTo of MStableYieldSource retrieves the tokens from the msg.sender and deposits them. However some tokens, like USDT might subtract a fee when transferring tokens. This means less tokens would be transferred than expected. If thi...
safeTransferFrom in TransferHelper is not safeTransferFrom
Handle jonah1005 Vulnerability details Impact A non standard erc20 token would always raise error when calling safeTransferFrom. If a user creates a USDT/DAI pool and deposit into the pool he would find out there's never a counterpart deposit. Proof of Concept TransferHelper does not uses SafeERC...
SafetyWithdraw ERC20 return values not checked
Handle cmichel Vulnerability details The ERC20.transfer and ERC20.transferFrom functions return a boolean value indicating success. This parameter should be checked for success. The SafetyWithdraw.withdrawERC20Token function does not check the return value: function withdrawERC20Token address...
Insurance ERC20 return values not checked
Handle cmichel Vulnerability details The ERC20.transfer and ERC20.transferFrom functions return a boolean value indicating success. This parameter should be checked for success. The Insurance.deposit and Insurace.withdraw functions dp not check the return value: // deposit...
Using transferFrom on ERC721 tokens
Handle shw Vulnerability details Impact In the function awardExternalERC721 of contract PrizePool, when awarding external ERC721 tokens to the winners, the transferFrom keyword is used instead of safeTransferFrom. If any winner is a contract and is not aware of incoming ERC721 tokens, the sent...
Using transferFrom on ERC721 tokens
Handle shw Vulnerability details Editing on a previous submission to correct the details Impact In the function awardExternalERC721 of contract PrizePool, when awarding external ERC721 tokens to the winner, the transferFrom function is called instead of safeTransferFrom. If the winner is a contra...
BadgerYieldSource ERC20 return values not checked
Handle cmichel Vulnerability details The ERC20.transfer and ERC20.transferFrom functions return a boolean value indicating success. This parameter needs to be checked for success. Some tokens do not revert if the transfer failed but return false instead. It is not checked in...
RCNftHubL2.safeTransferFrom not accoring to spec
Handle cmichel Vulnerability details Vulnerability Details The RCNftHubL2.safeTransferFrom function does not correctly implement the ERC721 spec: When using safeTransferFrom, the token contract checks to see that the receiver is an IERC721Receiver, which implies that it knows how to handle ERC721...
function timeLockERC20 does not check the return value of transferFrom
Handle paulius.eth Vulnerability details Impact function timeLockERC20 uses transferFrom for erc20 transfers, however, it does not check the return value. According to the ERC20 standard, this function should return a boolean to indicate success. Not checking that may not work with some tokens...
Use safeTransfer/safeTransferFrom consistently instead of transfer/transferFrom
Handle 0xRajeev Vulnerability details Impact It is good to add a require statement that checks the return value of token transfers or to use something like OpenZeppelin’s safeTransfer/safeTransferFrom unless one is sure the given token reverts in case of a failure. Failure to do so will cause...
Potential reentrancy in safeTransferFrom functions
Handle 0xRajeev Vulnerability details Impact Reentrancy possible from onERC721Received implementation of a malicious contract at to address. But it doesn’t look like this cannot be exploited here because there are no state effects after the external interaction i.e. CEI pattern holds. Consider...