125 matches found
unchecked return value from Transfer/TransferFrom()
Handle JMukesh Vulnerability details Impact The ERC20.transfer and ERC20.transferFrom functions return a boolean value indicating success. This parameter needs to be checked for success. Some tokens do not revert if the transfer failed but return false instead. Proof of Concept Tools Used manual...
Erc20.transferFrom() doesn't work on non-standard compliant tokens like USDT
Handle pants Vulnerability details Non-standard compliant tokens like USDT don't return a return value on transferFrom. The function Erc20.transferFrom reverts if the token doesn't return a return value, as it is defined to always return a boolean. Impact When using any non-standard compliant tok...
Erc20.transferFrom() return value is ignored
Handle pants Vulnerability details According to the ERC-20 Token Standard, the function transferFrom returns false on failure. However, the return value of Erc20.transferFrom is ignored 11 times: 1. In Swivel.initiateVaultFillingZcTokenInitiate, line 103. 2. In...
SettV3.transferFrom block lock can be circumvented
Handle cmichel Vulnerability details Vulnerability Details The SettV3.transferFrom implements a blockLocked call to prevent users to call several functions at once, for example, deposit and then transferring the tokens. function blockLocked internal view requireblockLockmsg.sender block.number,...
ambiguous transferFrom
Handle jonah1005 Vulnerability details Impact In function redeemToken, it uses transferFrom instead of transfer. It might stop users from redeeming tokens. Proof of Concept Tools Used None Recommended Mitigation Steps Use safeTransfer instead. --- The text was updated successfully, but these erro...
redeemToken can fail for certain tokens
Handle cmichel Vulnerability details The SwappableYieldSource.redeemToken function transfers tokens from the contract back to the sender, however, it uses the ERC20.transferFromaddressthis, msg.sender, redeemableBalance function for this. Some deposit token implementations might fail as...
Return values of BEP20.transfer and BEP20.transferFrom are unchecked
Handle shw Vulnerability details Impact The return values of BEP20.transfer and BEP20.transferFrom are not checked to be true in multiple contracts. The return value could be false if the transferred token is not BEP20-compliant, indicating that the transfer fails, while the calling contract will...
No ERC20 safe* versions called
Handle cmichel Vulnerability details Some tokens like USDT don't correctly implement the EIP20 standard and their transfer/transferFrom function return void instead of a success boolean. Calling these functions with the correct EIP20 function signatures will always revert. This is generally not a...
unchecked return value from Transfer()/TransferFrom
Handle JMukesh Vulnerability details Impact Proof of Concept Tools Used manual review Recommended Mitigation Steps add a require condition to check the return value --- The text was updated successfully, but these errors were encountered: All reactions...
Return values of ERC20 transfer and transferFrom are unchecked
Handle shw Vulnerability details Impact In some contracts e.g., TracerPerpetualSwaps.sol, the return values of ERC20 transfer and transferFrom are not checked to be true, which could be false if the transferred tokens are not ERC20-compliant. In that case, the transfer fails without being noticed...
Unused return value from transfer()/transferFrom()
Handle JMukesh Vulnerability details Impact return value from transfer/transferFrom ensure success of the call and if not , it describe the reason for. It is usually good to add a require-statement that checks the return value or to use something like safeTransfer; unless one is sure the given...
Using transferFrom on ERC721 tokens
Handle shw Vulnerability details Editing on a previous submission to correct the details Impact In the function awardExternalERC721 of contract PrizePool, when awarding external ERC721 tokens to the winner, the transferFrom function is called instead of safeTransferFrom. If the winner is a contra...
Using transferFrom on ERC721 tokens
Handle shw Vulnerability details Impact In the function awardExternalERC721 of contract PrizePool, when awarding external ERC721 tokens to the winners, the transferFrom keyword is used instead of safeTransferFrom. If any winner is a contract and is not aware of incoming ERC721 tokens, the sent...
safe transfer
Handle gpersoon Vulnerability details Impact 3 of the 5 yield sources use safeTransfer/safeTransferFrom ATokenYieldSource.sol, IdleYieldSource.sol, YearnV2YieldSource.sol However 2 of the 5 yielsd source use transfer/transferFrom and also don't check the result of the functions...
Return values of ERC20 transfer and transferFrom are unchecked
Handle shw Vulnerability details Impact In the contract RCTreasury, the return values of ERC20 transfer and transferFrom are not checked, which could be false if the transferred token is not ERC20-compliant. In that case, the transfer fails without being noticed by the calling contract. Proof of...
Unchecked return value from ERC20
Handle cmichel Vulnerability details Vulnerability Details The ERC20.transfer and ERC20.transferFrom functions return a boolean value indicating success. This parameter needs to be checked for success. According to the standard the return value must be checked for true, otherwise the transfer wil...
Unused return value from erc20.transfer()/ erc20.transferFrom()
Handle JMukesh Vulnerability details Impact It is usually good to add a require-statement that checks the return value or to use something like safeTransfer; unless one is sure the given token reverts in case of a failure Proof of Concept In RcTreasury.sol Tools Used manual review Recommended...
erc20 transfer and transferFrom functions
Handle pauliax Vulnerability details Impact When transfering erc20 tokens, functions transfer and transferFrom are used. These functions return boolean to indicate if the action was successful, however, none of the usages check the returned value: erc20.transferFrommsgSender, addressthis, amount;...
Unchecked return value of transferFrom in function timeLockERC20
Handle shw Vulnerability details Impact In the function timeLockERC20 line 610, the return value of IERC20.transferFrom is unchecked. The return value could be false if the transferred token is not ERC20-compliant, indicating that the transfer fails. In that case, the variable timelockERC20Balanc...
Unhandled return value of transferFrom in timeLockERC20() could lead to fund loss for recipients
Handle 0xRajeev Vulnerability details Impact ERC20 implementations are not always consistent. Some implementations of transfer and transferFrom could return ‘false’ on failure instead of reverting. It is safer to wrap such calls into require statements or use safe wrapper functions implementing...