7 matches found
payable.transfer() call will result in loss of unused Ether
Lines of code Vulnerability details Impact batchContribute function carries out funding and transfer in batches by using the payable.transfer call. This is unsafe as transfer has hard coded gas budget and can fail when the user is a smart contract. This way programmatical usage of batchContribute...
Unchecked return value when calling ERC20's transfer function inside withdraw function of USDeSilo.sol. It is unsafe transfer of ERC20 tokens.
Lines of code Vulnerability details Summary In withdraw function of USDeSilo.sol there is one call calling ERC20 transfer function on USDe token. And it's return value neither checked nor safeTransfer of SafeERC20 used . So whenever transfer fails then it will not revert. And result in wrong...
Unsafe use of transfer()/transferFrom() with IERC20
Lines of code Vulnerability details Impact Some tokens do not implement the ERC20 standard properly but are still accepted by most code that accepts ERC20 tokens. For example Tether USDT's transfer and transferFrom functions do not return booleans as the specification requires, and instead have n...
Unchecked return value of transfer() and transferFrom()
Lines of code Vulnerability details Impact There are multiple external calls to IERC20.transfer and IERC20.transfer in contracts that suppose to transfer out tokens from/to the system. However, there are tokens like USDT that don't return any return value in their implementation of the transfer...
Upgraded Q -> M from 47 [1655572104366]
Judge has assessed an item in Issue 47 as Medium risk. The relevant finding follows: 1. Unsafe use of transfer/transferFrom with IERC20 Some tokens do not implement the ERC20 standard properly but are still accepted by most code that accepts ERC20 tokens. For example Tether USDT's transfer and...
Upgraded Q -> M from 119 [1654475092615]
Judge has assessed an item in Issue 119 as Medium risk. The relevant finding follows: Checking whether the receiver is capable of holding ERC721 The contract usessafeTransfer for ERC20 but uses transferFrom for ERC721 in both exercise and withdraw which may lead to the loss of ERC721 if the...
MochiTreasuryV0.withdrawalCRV use unsafe transfer of ERC20
Handle pants Vulnerability details MochiTreasuryV0.withdrawalCRV use crv.transfer. There are some ERC20 tokens, as USDT for example, that aren't safe to use as crv. Since USDT.transfer doesn't revert on fail, the transfer may fail and because the return value is ignored the function will not...