Unchecked transfer #144
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate
This issue or pull request already exists
Handle
0v3rf10w
Vulnerability details
Impact
Unchecked transfer leading to free deposits to attacker account
Proof of Concept
function :: BasicSale._processWithdrawal(uint256,uint256,address) (tge/contracts/PublicSale.sol#212-229)
Several tokens do not revert on failure and instead return false. The return value of the transfer call mainToken.transfer(_member,v_value) (tge/contracts/PublicSale.sol#224) is not checked, so deposit will not revert if the transfer fails, and an attacker can call deposit for free.
Tools Used
Manual
Recommended Mitigation Steps
The return value needs to be checked, or use SafeERC20.
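The unchecked pattern and its checked form, as an added example that is not code from the audited repository. `FalseOnFailToken`, `Payout`, `credit`, `payUnchecked` and `payChecked` are hypothetical names, and the checked path is a simplified stand-in for what OpenZeppelin's SafeERC20 `safeTransfer` does.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

interface IERC20 {
    function transfer(address to, uint256 value) external returns (bool);
}

// Constructed token that signals failure by returning false instead of reverting.
contract FalseOnFailToken is IERC20 {
    mapping(address => uint256) public balanceOf;

    function mint(address to, uint256 value) external { balanceOf[to] += value; }

    function transfer(address to, uint256 value) external returns (bool) {
        if (balanceOf[msg.sender] < value) return false; // failure without revert
        balanceOf[msg.sender] -= value;
        balanceOf[to] += value;
        return true;
    }
}

// Hypothetical payout contract (assumption); not the audited PublicSale.sol.
contract Payout {
    IERC20 public immutable mainToken;
    mapping(address => uint256) public owed;

    constructor(IERC20 token) { mainToken = token; }

    // Constructed helper so the example has state to corrupt.
    function credit(address member, uint256 value) external { owed[member] += value; }

    // Unchecked: bookkeeping is committed even when transfer returned false,
    // so the ledger and the token balances silently diverge.
    function payUnchecked(address member, uint256 value) external {
        owed[member] -= value;
        mainToken.transfer(member, value);
    }

    // Checked: the target must be a contract, the call must succeed, and any
    // returned data must decode to true. Tokens that return nothing also pass.
    function payChecked(address member, uint256 value) external {
        owed[member] -= value;
        require(address(mainToken).code.length > 0, "token is not a contract");
        (bool ok, bytes memory ret) = address(mainToken).call(
            abi.encodeWithSelector(IERC20.transfer.selector, member, value)
        );
        require(ok && (ret.length == 0 || abi.decode(ret, (bool))), "transfer failed");
    }
}
```

With an underfunded `Payout`, `payUnchecked` completes and reduces `owed` although no tokens moved, while `payChecked` reverts and leaves `owed` unchanged.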