SafeTransferLib's safeApprove() does not set the allowance to 0 first, which would lead to the escrow encountering issues when dealing with Tether's USDT or tokens like it.
Lines of code. Vulnerability details. Impact: Medium... a number of features within the protocol will not work if an approval reverts in the escrow or anywhere else. NB: the report mainly focuses on the usage of SafeTransferLib's safeApprove, but the bug is attached to the underlying call made to approve...
InvestmentManager.requestDeposit: arbitrary ERC20 send
Lines of code. Vulnerability details. Impact: InvestmentManager.requestDeposit. In this function, the SafeTransferLib.safeTransferFrom function is called with an arbitrary from address. This means that the attacker can control who the tokens are transferred from. Proof of Concept. Tools Used: manual...
[H-01] User that fuses more tiles to Namespace NFT pays a lower fusing cost instead of a higher one
Lines of code. Vulnerability details. Impact: a user that fuses more tiles will pay a lower fusing cost to revenueAddress instead of the higher cost intended. Proof of Concept: Namespace.sol L110-L114 (/Namespace.sol) 110: function fuseCharacterData(... calldata characterList) external 111: uint256 numCharacters...
Unsafe cast in uniswapV3SwapCallback can drain all assets in the contract
Lines of code. Vulnerability details: Unsafe cast in uniswapV3SwapCallback can drain all assets in the contract. Summary: a type cast that overflows does not throw an error or revert; therefore, value can be transferred out just by calling the method. Contracts that inherit from SwapHelper:...
Solmate's SafeTransferLib won't check if a token has code, which can affect transfers in SizeSealed
Lines of code. Vulnerability details. Impact: not checking for token existence is a known issue for Solmate. This can cause unexpected contract functionality for transfers implemented in SizeSealed. Note that this might not be a problem for baseToken due to the check implemented in L103. However, thi...
IERC20.transfer doesn't support all ERC20 tokens
Lines of code. Vulnerability details. Impact: IERC20.transfer doesn't support all ERC20 tokens in the function recoverERC20. Proof of Concept: in the contract frxETHMinter, the function recoverERC20 is used to recover ERC20 tokens if someone accidentally sent some of them to the contract. However...
Doesn't check order.baseAsset.code when exercising a call order
Lines of code. Vulnerability details. Impact: it is safe to check order.baseAsset.code.length and token.code.length in fillOrder and transferERC20sIn, because SafeTransferLib doesn't check whether the ERC20 token is actually a contract. /// @dev Note that none of the functions in this library check...
Using SafeTransferLib as a transfer medium has a certain probability of causing problems
Lines of code. Vulnerability details. Impact: function exerciseOrder(... memory order, uint256[] calldata floorAssetTokenIds) public payable { /* CHECKS */ bytes32 orderHash = hashOrder(order); // check user owns the position require(ownerOf(uint256(orderHash)) ==...
Upgraded Q -> M from 72 [1655579867255]
Judge has assessed an item in Issue 72 as Medium risk. The relevant finding follows: Use SafeTransferLib for all ETH sends. With the exception of issueRefund, other transfers should allow forwarding all gas to finish the transaction, to prevent the case of costing more than 23000 gas for a transfer. Line1...