Lucene search
K

125 matches found

Code423n4
Code423n4
added 2021/10/06 12:0 a.m.11 views

unchecked return value from Transfer/TransferFrom()

Handle JMukesh Vulnerability details Impact The ERC20.transfer and ERC20.transferFrom functions return a boolean value indicating success. This parameter needs to be checked for success. Some tokens do not revert if the transfer failed but return false instead. Proof of Concept Tools Used manual...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/10/05 12:0 a.m.11 views

Erc20.transferFrom() doesn't work on non-standard compliant tokens like USDT

Handle pants Vulnerability details Non-standard compliant tokens like USDT don't return a return value on transferFrom. The function Erc20.transferFrom reverts if the token doesn't return a return value, as it is defined to always return a boolean. Impact When using any non-standard compliant tok...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2021/10/05 12:0 a.m.8 views

Erc20.transferFrom() return value is ignored

Handle pants Vulnerability details According to the ERC-20 Token Standard, the function transferFrom returns false on failure. However, the return value of Erc20.transferFrom is ignored 11 times: 1. In Swivel.initiateVaultFillingZcTokenInitiate, line 103. 2. In...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2021/09/08 12:0 a.m.5 views

SettV3.transferFrom block lock can be circumvented

Handle cmichel Vulnerability details Vulnerability Details The SettV3.transferFrom implements a blockLocked call to prevent users to call several functions at once, for example, deposit and then transferring the tokens. function blockLocked internal view requireblockLockmsg.sender block.number,...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/08/01 12:0 a.m.7 views

ambiguous transferFrom

Handle jonah1005 Vulnerability details Impact In function redeemToken, it uses transferFrom instead of transfer. It might stop users from redeeming tokens. Proof of Concept Tools Used None Recommended Mitigation Steps Use safeTransfer instead. --- The text was updated successfully, but these erro...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/07/31 12:0 a.m.6 views

redeemToken can fail for certain tokens

Handle cmichel Vulnerability details The SwappableYieldSource.redeemToken function transfers tokens from the contract back to the sender, however, it uses the ERC20.transferFromaddressthis, msg.sender, redeemableBalance function for this. Some deposit token implementations might fail as...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/07/24 12:0 a.m.14 views

Return values of BEP20.transfer and BEP20.transferFrom are unchecked

Handle shw Vulnerability details Impact The return values of BEP20.transfer and BEP20.transferFrom are not checked to be true in multiple contracts. The return value could be false if the transferred token is not BEP20-compliant, indicating that the transfer fails, while the calling contract will...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/07/21 12:0 a.m.12 views

No ERC20 safe* versions called

Handle cmichel Vulnerability details Some tokens like USDT don't correctly implement the EIP20 standard and their transfer/transferFrom function return void instead of a success boolean. Calling these functions with the correct EIP20 function signatures will always revert. This is generally not a...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/07/21 12:0 a.m.8 views

unchecked return value from Transfer()/TransferFrom

Handle JMukesh Vulnerability details Impact Proof of Concept Tools Used manual review Recommended Mitigation Steps add a require condition to check the return value --- The text was updated successfully, but these errors were encountered: All reactions...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/07/02 12:0 a.m.14 views

Return values of ERC20 transfer and transferFrom are unchecked

Handle shw Vulnerability details Impact In some contracts e.g., TracerPerpetualSwaps.sol, the return values of ERC20 transfer and transferFrom are not checked to be true, which could be false if the transferred tokens are not ERC20-compliant. In that case, the transfer fails without being noticed...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/06/30 12:0 a.m.10 views

Unused return value from transfer()/transferFrom()

Handle JMukesh Vulnerability details Impact return value from transfer/transferFrom ensure success of the call and if not , it describe the reason for. It is usually good to add a require-statement that checks the return value or to use something like safeTransfer; unless one is sure the given...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/06/24 12:0 a.m.10 views

Using transferFrom on ERC721 tokens

Handle shw Vulnerability details Editing on a previous submission to correct the details Impact In the function awardExternalERC721 of contract PrizePool, when awarding external ERC721 tokens to the winner, the transferFrom function is called instead of safeTransferFrom. If the winner is a contra...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/06/24 12:0 a.m.11 views

Using transferFrom on ERC721 tokens

Handle shw Vulnerability details Impact In the function awardExternalERC721 of contract PrizePool, when awarding external ERC721 tokens to the winners, the transferFrom keyword is used instead of safeTransferFrom. If any winner is a contract and is not aware of incoming ERC721 tokens, the sent...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/06/20 12:0 a.m.8 views

safe transfer

Handle gpersoon Vulnerability details Impact 3 of the 5 yield sources use safeTransfer/safeTransferFrom ATokenYieldSource.sol, IdleYieldSource.sol, YearnV2YieldSource.sol However 2 of the 5 yielsd source use transfer/transferFrom and also don't check the result of the functions...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/06/17 12:0 a.m.17 views

Return values of ERC20 transfer and transferFrom are unchecked

Handle shw Vulnerability details Impact In the contract RCTreasury, the return values of ERC20 transfer and transferFrom are not checked, which could be false if the transferred token is not ERC20-compliant. In that case, the transfer fails without being noticed by the calling contract. Proof of...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/06/16 12:0 a.m.13 views

Unchecked return value from ERC20

Handle cmichel Vulnerability details Vulnerability Details The ERC20.transfer and ERC20.transferFrom functions return a boolean value indicating success. This parameter needs to be checked for success. According to the standard the return value must be checked for true, otherwise the transfer wil...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/06/15 12:0 a.m.9 views

Unused return value from erc20.transfer()/ erc20.transferFrom()

Handle JMukesh Vulnerability details Impact It is usually good to add a require-statement that checks the return value or to use something like safeTransfer; unless one is sure the given token reverts in case of a failure Proof of Concept In RcTreasury.sol Tools Used manual review Recommended...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/06/14 12:0 a.m.11 views

erc20 transfer and transferFrom functions

Handle pauliax Vulnerability details Impact When transfering erc20 tokens, functions transfer and transferFrom are used. These functions return boolean to indicate if the action was successful, however, none of the usages check the returned value: erc20.transferFrommsgSender, addressthis, amount;...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/05/20 12:0 a.m.11 views

Unchecked return value of transferFrom in function timeLockERC20

Handle shw Vulnerability details Impact In the function timeLockERC20 line 610, the return value of IERC20.transferFrom is unchecked. The return value could be false if the transferred token is not ERC20-compliant, indicating that the transfer fails. In that case, the variable timelockERC20Balanc...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/05/19 12:0 a.m.12 views

Unhandled return value of transferFrom in timeLockERC20() could lead to fund loss for recipients

Handle 0xRajeev Vulnerability details Impact ERC20 implementations are not always consistent. Some implementations of transfer and transferFrom could return ‘false’ on failure instead of reverting. It is safer to wrap such calls into require statements or use safe wrapper functions implementing...

6.9AI score
Exploits0
Rows per page
Query Builder