bareli - use safetransfer instead of transfer #315
Labels
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Won't Fix
The sponsor confirmed this issue will not be fixed
bareli
Medium
use safetransfer instead of transfer
Summary
Not all ERC20 tokens return or revert on transfer; it may cause the token to be stuck.
Root Cause
https://github.com/sherlock-audit/2024-10-ethos-network/blob/main/ethos/packages/contracts/contracts/EthosReview.sol#L449
function withdrawFunds(address paymentToken) external onlyOwner {
    if (paymentToken == address(0)) {
        payable(msg.sender).transfer(address(this).balance);
    } else {
        IERC20(paymentToken).transfer(msg.sender, IERC20(paymentToken).balanceOf(address(this)));
    }
}
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
Tokens may get stuck.
PoC
No response
Mitigation
Use safeTransfer and safeTransferFrom.
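An added example, not code from EthosReview or from the issue author: the token branch of withdrawFunds with the transfer result checked through a low-level call, which is the pattern safe-transfer wrappers apply. The contract name, interface, errors and the `_safeTransfer` helper are hypothetical names chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal interface (assumed for this example), only the two calls used below.
interface IERC20Minimal {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical contract for illustration; not EthosReview itself.
contract WithdrawExample {
    address public immutable owner;

    error NotOwner();
    error TokenTransferFailed(address token);

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    // Token branch of withdrawFunds, with the transfer outcome verified.
    function withdrawToken(address paymentToken) external onlyOwner {
        uint256 amount = IERC20Minimal(paymentToken).balanceOf(address(this));
        _safeTransfer(paymentToken, msg.sender, amount);
    }

    // A low-level call lets both token styles be handled:
    //  - tokens that return no data are accepted when the call itself succeeded
    //  - tokens that return a bool must return true
    function _safeTransfer(address token, address to, uint256 amount) private {
        // A call to an address without code succeeds with empty return data, so reject it.
        if (token.code.length == 0) revert TokenTransferFailed(token);
        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSelector(IERC20Minimal.transfer.selector, to, amount)
        );
        bool returnedFalse = ret.length != 0 && !abi.decode(ret, (bool));
        if (!ok || returnedFalse) revert TokenTransferFailed(token);
    }
}
```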