You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Nov 26, 2023. It is now read-only.
sherlock-admin opened this issue
May 5, 2023
· 0 comments
Labels
DuplicateA valid issue that is a duplicate of an issue with `Has Duplicates` labelMediumA valid Medium severity issueRewardA payout will be made for this issue
The ERC20.transfer() function returns a Boolean value indicating success, which must be checked for proper execution. Some tokens do not revert if the transfer fails but return false instead.
Vulnerability Detail
Certain non-compliant ERC20 tokens may return false from the transfer and transferFrom function calls, signaling that the transfer has failed. However, if the return value is not checked, the calling contract will not detect the failure, despite the EIP-20 specification requiring a return value check.
It is recommended to use OpenZeppelin's SafeERC20 utility, which includes safeTransfer functions that handle the return value check and non-standard-compliant tokens.
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
DuplicateA valid issue that is a duplicate of an issue with `Has Duplicates` labelMediumA valid Medium severity issueRewardA payout will be made for this issue
0xPkhatri
medium
Implement safeTransfer() instead of transfer()
Summary
The ERC20.transfer() function returns a Boolean value indicating success, which must be checked for proper execution. Some tokens do not revert if the transfer fails but return false instead.
Vulnerability Detail
Certain non-compliant ERC20 tokens may return false from the transfer and transferFrom function calls, signaling that the transfer has failed. However, if the return value is not checked, the calling contract will not detect the failure, despite the EIP-20 specification requiring a return value check.
Impact
The protocol or users might experience losses.
Code Snippet
https://github.com/sherlock-audit/2023-04-footium/blob/main/footium-eth-shareable/contracts/FootiumEscrow.sol#L105-L111
Tool used
Manual Review
Recommendation
It is recommended to use OpenZeppelin's SafeERC20 utility, which includes safeTransfer functions that handle the return value check and non-standard-compliant tokens.
https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/utils/SafeERC20.sol
Duplicate of #86
The text was updated successfully, but these errors were encountered: