Behodler contest - cmichel's results

Ethereum liquidity protocol powered by token bonding curves.

General Information

Platform: Code4rena

Start Date: 27/01/2022

Pot Size: $90,000 USDC

Total HM: 21

Participants: 33

Period: 7 days

Judge: Jack the Pug

Total Solo HM: 14

Id: 78

League: ETH

Behodler

Researcher Performance

Rank: 30/33

Findings: 1

Award: $17.33

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: robee

Also found by: 0v3rf10w, 0x1f8b, BouSalman, Dravee, Fitraldys, Ruhum, bobi, cmichel, hyh, p4st13r4, shw

Labels

bug
duplicate
1 (Low Risk)

Awards

17.3281 USDC - $17.33

Handle

cmichel

Vulnerability details

The ERC20.transfer() and ERC20.transferFrom() functions return a boolean value indicating success. This parameter should be checked for success. Some tokens do not revert if the transfer failed but return false instead.

Occurrences:

  • FlanBackstop.purchasePyroFlan: IERC20(stablecoin).transferFrom(msg.sender, flanLP, amount / 2)

Impact

Tokens that don't actually perform the transfer and return false are still counted as a correct transfer.

We recommend either checking the success boolean or using OpenZeppelin’s SafeERC20 versions with the safeTransfer and safeTransferFrom functions that handle the return value check as well as non-standard-compliant tokens.

#0 - gititGoro

2022-02-09T23:05:52Z

duplicate of issue 43

#1 - jack-the-pug

2022-02-16T14:22:13Z

Dup #37
