Platform: Code4rena
Start Date: 22/09/2022
Pot Size: $30,000 USDC
Total HM: 12
Participants: 133
Period: 3 days
Judge: 0xean
Total Solo HM: 2
Id: 165
League: ETH
Rank: 132/133
Findings: 1
Award: $12.49
π Selected for report: 0
π Solo Findings: 0
π Selected for report: Lambda
Also found by: 0x1f8b, 0x5rings, 0xSky, 0xSmartContract, 8olidity, Chom, CodingNameKiki, IllIllI, Ruhum, Sm4rty, brgltd, hansfriese, m9800, magu, pashov, pedroais, peritoflores, prasantgupta52, rokinot, seyni
12.4859 USDC - $12.49
Tokens such as USDT that do not conform to the ERC20 token standard do not return a boolean in the transfer function.
Contract function recoverERC20 will always revert when try to transfer this kind of tokens.
manual
use SafeERC20.safeTransfer function instead of IERC20 transfer.γThis function can use the call function to receive a bool value and verify that the transfer function has been executed. https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/utils/SafeERC20.sol
#0 - FortisFortuna
2022-09-25T21:30:41Z
Not really medium risk. Technically you could use safeTransfer, but if someone were to accidentally send something to this contract, it would most likely be either ETH, FRAX, frxETH, or sfrxETH, all of which are transfer compliant.
#1 - joestakey
2022-09-26T15:22:43Z
Duplicate of #18