10 matches found
The L1GraphTokenGateway does not work on non-standard compliant tokens like USDT
Lines of code Vulnerability details: The L1GraphTokenGateway function uses the standard IERC20 function for the transfer call and proceeds with a checkReturnCode function to handle non-standard compliant tokens that don't return a return value. However, this does not work as...
approve return value is ignored
Handle: robee. Vulnerability details: Some tokens don't correctly implement the EIP20 standard and their approve function returns void instead of a success boolean. Calling these functions with the correct EIP20 function signatures will always revert. Tokens that don't correctly implement the latest...
Erc20.transferFrom() doesn't work on non-standard compliant tokens like USDT
Handle: pants. Vulnerability details: Non-standard compliant tokens like USDT don't return a return value on transferFrom. The function Erc20.transferFrom reverts if the token doesn't return a return value, as it is defined to always return a boolean. Impact: When using any non-standard compliant tok...
Erc20.approve() doesn't work on non-standard compliant tokens like USDT
Handle: pants. Vulnerability details: Non-standard compliant tokens like USDT don't return a return value on approve. The function Erc20.approve reverts if the token doesn't return a return value, as it is defined to always return a boolean. Impact: When using any non-standard compliant token like...
Erc20.transfer() doesn't work on non-standard compliant tokens like USDT
Handle: pants. Vulnerability details: Non-standard compliant tokens like USDT don't return a return value on transfer. The function Erc20.transfer reverts if the token doesn't return a return value, as it is defined to always return a boolean. Impact: When using any non-standard compliant token like...
TokenHandler.safeTransferIn does not work on non-standard compliant tokens like USDT
Handle: cmichel. Vulnerability details: The TokenHandler.safeTransferIn function uses the standard IERC20 function for the transfer call and proceeds with a checkReturnCode function to handle non-standard compliant tokens that don't return a return value. However, this does not...
CompoundToNotionalV2.enableToken ERC20 missing return value check
Handle: cmichel. Vulnerability details: The enableToken function performs an ERC20.approve call but does not check the success return value. Some tokens do not revert if the approval failed but return false instead. Impact: Tokens that don't actually perform the approve and retu...
TokenHandler.safeTransferOut does not work on non-standard compliant tokens like USDT
Handle: cmichel. Vulnerability details: The TokenHandler.safeTransferOut function uses the standard IERC20 function for the transfer call and proceeds with a checkReturnCode function to handle non-standard compliant tokens that don't return a return value. However, this does no...
Unchecked return value from ERC20
Handle: cmichel. Vulnerability details: The ERC20.transfer and ERC20.transferFrom functions return a boolean value indicating success. This parameter needs to be checked for success. According to the standard the return value must be checked for true, otherwise the transfer wil...
Ubuntu-based PenTest Linux Distribution: BackBox
BackBox Linux is a penetration testing and security assessment oriented Linux distribution providing a network and systems analysis toolkit. It includes some of the most commonly known/used security and analysis tools, aiming for a wide spread of goals, ranging from web application analysis to...