Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ajayss - User may have his transfer failed when paying price for review #313

Open
sherlock-admin3 opened this issue Nov 4, 2024 · 0 comments
Open

ajayss - User may have his transfer failed when paying price for review #313

sherlock-admin3 opened this issue Nov 4, 2024 · 0 comments
Labels
Sponsor Confirmed The sponsor acknowledged this issue is valid Won't Fix The sponsor confirmed this issue will not be fixed

Comments

@sherlock-admin3
Copy link
Contributor

sherlock-admin3 commented Nov 4, 2024
edited by sherlock-admin4
Loading

ajayss

Medium

User may have his transfer failed when paying price for review

Summary

In EthosReview.sol

        IERC20(paymentToken).transferFrom(msg.sender, address(this), price);

is used,
but safeTransfer is better as it checks the return values and makes sure its executed

Root Cause

using transferFrom instead of safeTransferFrom

Here

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

transfer might fail particularly where some tokens don't allow 0 price transfers, and tokens which may fail and return false.

PoC

No response

Mitigation

use safeTransferFrom to remediate this issue.
@sherlock-admin4 sherlock-admin4 changed the title Dry Yellow Canary - User may have his transfer failed when paying price for review ajayss - User may have his transfer failed when paying price for review Nov 20, 2024
@sherlock-admin3 sherlock-admin3 added Won't Fix The sponsor confirmed this issue will not be fixed Sponsor Confirmed The sponsor acknowledged this issue is valid labels Nov 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Sponsor Confirmed The sponsor acknowledged this issue is valid Won't Fix The sponsor confirmed this issue will not be fixed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin3