This repository has been archived by the owner on Nov 26, 2023. It is now read-only.

ctf_sec - Certain ERC20 tokens do not return a bool from approve and transfer, and the transaction reverts #14

Open
sherlock-admin opened this issue May 5, 2023 · 1 comment
Labels
Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid

Comments

@sherlock-admin

ctf_sec

medium

Certain ERC20 tokens do not return a bool from approve and transfer, and the transaction reverts

Summary

Certain ERC20 tokens do not return a bool from approve and transfer, and the transaction reverts

Vulnerability Detail

According to

https://github.com/d-xo/weird-erc20#missing-return-values

Some tokens do not return a bool on ERC20 methods, and using the IERC20 token interface will revert the transaction

Certain ERC20 tokens do not return a bool from approve and transfer, and the transaction reverts

    function setApprovalForERC20(
        IERC20 erc20Contract,
        address to,
        uint256 amount
    ) external onlyClubOwner {
        erc20Contract.approve(to, amount);
    }

and

    function transferERC20(
        IERC20 erc20Contract,
        address to,
        uint256 amount
    ) external onlyClubOwner {
        erc20Contract.transfer(to, amount);
    }

The transfer / approve can fail silently

Impact

Some tokens do not return a bool on ERC20 methods, and using the IERC20 token interface will revert the transaction

Code Snippet

https://github.com/sherlock-audit/2023-04-footium/blob/11736f3f7f7efa88cb99ee98b04b85a46621347c/footium-eth-shareable/contracts/FootiumEscrow.sol#L80

https://github.com/sherlock-audit/2023-04-footium/blob/11736f3f7f7efa88cb99ee98b04b85a46621347c/footium-eth-shareable/contracts/FootiumEscrow.sol#L95

Tool used

Manual Review

Recommendation

Use OpenZeppelin SafeTransfer / SafeApprove

@github-actions github-actions bot added Medium A valid Medium severity issue Has Duplicates A valid issue with 1+ other issues describing the same vulnerability labels May 10, 2023
@logiclogue logiclogue added the Sponsor Confirmed The sponsor acknowledged this issue is valid label May 16, 2023
@sherlock-admin sherlock-admin added the Reward A payout will be made for this issue label May 22, 2023
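
An added example, not part of the original issue and not Footium's or OpenZeppelin's code: a low-level token call that accepts either empty return data or a returned `true`, which is the kind of check the recommendation above refers to. `NoReturnToken`, `TolerantERC20` and `EscrowSketch` are hypothetical names, and the token is constructed to reproduce the missing-return-value behaviour.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Constructed token with the "missing return values" behaviour:
// state changes happen, but no bool is returned.
contract NoReturnToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    constructor() { balanceOf[msg.sender] = 1_000 ether; }

    function transfer(address to, uint256 amount) external {
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
    }

    function approve(address spender, uint256 amount) external {
        allowance[msg.sender][spender] = amount;
    }
}

// Hypothetical helper: tolerate tokens that return nothing, reject a returned false.
library TolerantERC20 {
    error TokenCallFailed(address token);

    function callToken(address token, bytes memory data) internal {
        (bool ok, bytes memory ret) = token.call(data);
        // Empty return data is accepted only from an address that has code;
        // non-empty return data must ABI-decode to true.
        bool accepted = ok && (ret.length == 0 ? token.code.length > 0 : abi.decode(ret, (bool)));
        if (!accepted) revert TokenCallFailed(token);
    }
}

// Hypothetical escrow mirroring the two functions quoted in the issue.
contract EscrowSketch {
    address public immutable owner;

    constructor() { owner = msg.sender; }

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    function setApprovalForERC20(address token, address to, uint256 amount) external onlyOwner {
        TolerantERC20.callToken(token, abi.encodeWithSignature("approve(address,uint256)", to, amount));
    }

    function transferERC20(address token, address to, uint256 amount) external onlyOwner {
        TolerantERC20.callToken(token, abi.encodeWithSignature("transfer(address,uint256)", to, amount));
    }
}
```

Because the call bypasses the typed `IERC20` interface, the compiler does not insert its own return-data decoding, so `NoReturnToken` no longer causes a revert, while a token that returns `false` is still rejected.
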
@logiclogue

May not fix depending on whether the escrow is dropped
