Platform: Code4rena
Start Date: 22/09/2022
Pot Size: $30,000 USDC
Total HM: 12
Participants: 133
Period: 3 days
Judge: 0xean
Total Solo HM: 2
Id: 165
League: ETH
Rank: 131/133
Findings: 1
Award: $12.49
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Lambda
Also found by: 0x1f8b, 0x5rings, 0xSky, 0xSmartContract, 8olidity, Chom, CodingNameKiki, IllIllI, Ruhum, Sm4rty, brgltd, hansfriese, m9800, magu, pashov, pedroais, peritoflores, prasantgupta52, rokinot, seyni
12.4859 USDC - $12.49
Some ERC20 tokens' functions don't return a boolean, for example USDT, BNB, OMG.
So frxETHMinter.recoverERC20() might revert with such tokens.
As we can see here, some tokens don't return a bool on transfer.
So this line will revert with such tokens like USDT.
So the token will be locked inside the contract.
Solidity Visual Developer of VSCode
Use OpenZeppelin's safeTransfer and safeTransferFrom functions.
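The failure mode and the recommended fix side by side, as an added Solidity example that is not frxETHMinter's code. NoReturnToken, RecoverExample, recoverUnsafe and recoverSafe are hypothetical names, and the require-wrapped transfer call is an assumed form of the pattern the finding describes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Constructed USDT-style token for illustration: transfer() declares no return value.
contract NoReturnToken {
    mapping(address => uint256) public balanceOf;

    constructor(address holder) { balanceOf[holder] = 1_000_000; }

    function transfer(address to, uint256 amount) external {
        require(balanceOf[msg.sender] >= amount, "balance");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
    }
}

// Hypothetical recovery contract (assumption: owner-only recovery to the owner).
contract RecoverExample {
    address public immutable owner;

    constructor() { owner = msg.sender; }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // Pattern from the finding: the interface promises a bool, so the compiler-generated
    // decoder requires 32 bytes of return data. NoReturnToken returns none, the call
    // reverts, and the tokens stay in this contract.
    function recoverUnsafe(address token, uint256 amount) external onlyOwner {
        require(IERC20(token).transfer(owner, amount), "transfer failed");
    }

    // Same acceptance rule as SafeERC20.safeTransfer: the low-level call must succeed,
    // and the return data must be empty or decode to true.
    function recoverSafe(address token, uint256 amount) external onlyOwner {
        require(token.code.length > 0, "not a contract");
        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSelector(IERC20.transfer.selector, owner, amount)
        );
        require(ok && (ret.length == 0 || abi.decode(ret, (bool))), "transfer failed");
    }
}
```

Deploying NoReturnToken with the RecoverExample address as holder shows the difference: recoverUnsafe reverts, while recoverSafe moves the balance to the owner.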
#0 - FortisFortuna
2022-09-25T21:35:47Z
Not really medium risk. Technically you could use safeTransfer, but if someone were to accidentally send something to this contract, it would most likely be either ETH, FRAX, frxETH, or sfrxETH, all of which are transfer compliant.
#1 - joestakey
2022-09-26T16:29:50Z
Duplicate of #18