Platform: Code4rena
Start Date: 16/12/2021
Pot Size: $100,000 USDC
Total HM: 21
Participants: 25
Period: 7 days
Judge: alcueca
Total Solo HM: 12
Id: 66
League: ETH
Rank: 25/25
Findings: 1
Award: $11.54
Selected for report: 0
Solo Findings: 0
Selected for report: defsec
Also found by: 0x1f8b, Jujic, WatchPug, broccolirob, certora, cmichel, csanuragjain, hyh, jayjonah8, kenzo, robee, sirhashalot
11.5426 USDC - $11.54
broccolirob
The transfer function on ERC20 tokens returns a boolean value if successful. That value is not checked in several places in the Yeti protocol. Yeti has to whitelist, but it's unreasonable to think they can monitor for all implementation changes across all tokens.
Internal balances will be inaccurate if transfers fail.
transfer that returns false under certain circumstances.
Use OpenZeppelin's SafeERC20, or ensure that the transfer/transferFrom return value is always checked.
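The failure mode described in this finding, as an added example that is not code from the Yeti protocol or from the report: a constructed token that returns false instead of reverting, next to an unchecked and a checked withdrawal. `FalseOnFailToken`, `Pool`, `credit`, `withdrawUnchecked` and `withdrawChecked` are hypothetical names, and the hand-written check is an assumption standing in for a library such as SafeERC20.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Constructed token: signals failure by returning false instead of reverting.
contract FalseOnFailToken is IERC20 {
    mapping(address => uint256) public balanceOf;

    constructor() { balanceOf[msg.sender] = 100; }

    function transfer(address to, uint256 amount) external override returns (bool) {
        if (balanceOf[msg.sender] < amount) return false; // no revert
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Hypothetical pool used only to show the accounting drift.
contract Pool {
    IERC20 public immutable token; // assumed to be a deployed contract
    mapping(address => uint256) public owed;

    constructor(IERC20 _token) { token = _token; }

    // Demo helper with no access control; sets up an internal balance.
    function credit(address user, uint256 amount) external { owed[user] += amount; }

    // Unchecked: when transfer returns false, owed is still reduced,
    // so the internal balance no longer matches what the user received.
    function withdrawUnchecked(uint256 amount) external {
        owed[msg.sender] -= amount;
        token.transfer(msg.sender, amount); // return value ignored
    }

    // Checked: revert unless the call succeeded and returned either true
    // or no data (tokens that declare no return value), undoing the debit.
    function withdrawChecked(uint256 amount) external {
        owed[msg.sender] -= amount;
        (bool ok, bytes memory data) = address(token).call(
            abi.encodeWithSelector(IERC20.transfer.selector, msg.sender, amount)
        );
        require(ok && (data.length == 0 || abi.decode(data, (bool))), "transfer failed");
    }
}
```

With the pool holding no tokens, `withdrawUnchecked` completes and zeroes the caller's `owed` entry while nothing moves, whereas `withdrawChecked` reverts and leaves `owed` intact.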
#0 - kingyetifinance
2022-01-06T07:09:53Z
@LilYeti: Duplicate with #1 and is medium / level 2 severity
#1 - kingyetifinance
2022-01-10T06:23:32Z
Fixed
#2 - alcueca
2022-01-15T07:27:14Z
Duplicate of #94