This repository has been archived by the owner on Nov 26, 2023. It is now read-only.
sherlock-admin opened this issue May 5, 2023 · 1 comment
Labels
Duplicate: A valid issue that is a duplicate of an issue with `Has Duplicates` label
Medium: A valid Medium severity issue
Reward: A payout will be made for this issue
Return of arbitrary ERC20 transfer is not checked in escrow
Summary
The return value of erc20.transfer call in transferERC20() is not checked.
Vulnerability Detail
Several tokens do not revert in case of transfer failure and return false instead. If one of these tokens is used here, although transfer fails, transferERC20() will not revert. Moreover, the return value is not returned to the caller, which makes it impossible to handle this issue in case it is called by another contract that expects a successful transfer.
Impact
Depending on where the function is called from, the impact can be quite severe.
BAHOZ
medium
Code Snippet
https://github.com/sherlock-audit/2023-04-footium/blob/main/footium-eth-shareable/contracts/FootiumEscrow.sol#L110
Tool used
Static Analysis
Recommendation
Require the return value of the transfer to be `true` or use OZ's `SafeERC20` wrapper for ERC20 tokens.
Duplicate of #86
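The unchecked pattern the report describes, next to the two fixes named in the Recommendation, as an added example that is not code from the Footium repository. `EscrowExample`, its function names and the `onlyOwner` guard are hypothetical, and the inline `IERC20` interface is an assumption standing in for the real import.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

// Minimal ERC20 surface needed here, declared inline so the file compiles alone.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical escrow used only for illustration; not the audited contract.
contract EscrowExample {
    address public immutable owner;

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // Unchecked pattern: a token that returns false on failure lets this call
    // complete without reverting, and the caller receives no result to inspect.
    function transferUnchecked(IERC20 token, address to, uint256 amount) external onlyOwner {
        token.transfer(to, amount);
    }

    // First recommendation: require the boolean. This reverts for tokens that
    // return no data at all, because the ABI decoder expects a bool.
    function transferRequireTrue(IERC20 token, address to, uint256 amount) external onlyOwner {
        require(token.transfer(to, amount), "transfer failed");
    }

    // Second recommendation, written out by hand in the style of SafeERC20:
    // low-level call, then accept either empty return data or a decoded true.
    function transferSafe(IERC20 token, address to, uint256 amount) external onlyOwner {
        require(address(token).code.length > 0, "not a contract");
        (bool ok, bytes memory ret) = address(token).call(
            abi.encodeWithSelector(IERC20.transfer.selector, to, amount)
        );
        require(ok, "transfer reverted");
        require(ret.length == 0 || abi.decode(ret, (bool)), "transfer returned false");
    }
}
```

In production code, importing OpenZeppelin's `SafeERC20` and calling `safeTransfer` is preferable to the hand-written `transferSafe`.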