using transfer will cause rescueToken to fail for some tokens
Summary
The idea of the rescueToken function is to withdraw ERC20 tokens that may have been accidentally sent to the contract. When using transfer, if the return value of the transfer is not checked, it is possible that the transfer fails silently (returning false).
Root Cause
Tokens that do not return a boolean will fail when called with rescueToken.
Admin calls rescueToken to withdraw ERC20s that were accidentally sent to the contract. If these include some weird ERC20s, the function will not serve its purpose, and the funds will be stuck permanently.
function rescueToken(address token, address to, uint256 amount) external onlyDAO {
    // Return value of transfer is not checked
    IERC20(token).transfer(to, amount);
}
Impact
some tokens will be stuck permanently in the contract
PoC
No response
Mitigation
use safeERC20 and safeTransfer for token transfers instead of transfer
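The following is an added example, not part of the original report or the project's code. It places the reported pattern beside a hardened form that accepts either empty return data or `true`, which is the rule SafeERC20-style wrappers apply. `NoReturnToken`, `RescueDemo` and `_safeTransfer` are hypothetical names, and access control is left out so the contracts compile on their own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example; NoReturnToken, RescueDemo and _safeTransfer are hypothetical names.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Constructed test token: transfer() returns no data, as some older ERC20 deployments do.
contract NoReturnToken {
    mapping(address => uint256) public balanceOf;

    constructor(address holder, uint256 supply) {
        balanceOf[holder] = supply;
    }

    function transfer(address to, uint256 amount) external {
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
    }
}

contract RescueDemo {
    error TransferFailed(address token);

    // Pattern from the report: the high-level call makes the compiler decode a bool,
    // so a token that returns no data reverts, and a returned false is ignored.
    function rescueTokenUnchecked(address token, address to, uint256 amount) external {
        IERC20(token).transfer(to, amount);
    }

    // Hardened form. The report's onlyDAO modifier is omitted (assumption for the demo).
    function rescueTokenChecked(address token, address to, uint256 amount) external {
        _safeTransfer(token, to, amount);
    }

    function _safeTransfer(address token, address to, uint256 amount) private {
        // A low-level call to an address without code succeeds with empty data: reject it.
        if (token.code.length == 0) revert TransferFailed(token);
        (bool ok, bytes memory ret) =
            token.call(abi.encodeWithSelector(IERC20.transfer.selector, to, amount));
        // Success means: call did not revert, and it returned nothing or returned true.
        if (!ok || (ret.length != 0 && !abi.decode(ret, (bool)))) revert TransferFailed(token);
    }
}
```

Funding a `RescueDemo` instance with `NoReturnToken` and calling both functions shows the difference: `rescueTokenUnchecked` reverts, while `rescueTokenChecked` moves the balance.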
sherlock-admin4 changed the title from "Festive Peanut Shetland - using transfer will cause rescueToken to fail for some tokens" to "0xLeveler - using transfer will cause rescueToken to fail for some tokens" on Dec 4, 2024
0xLeveler
Medium
https://github.com/sherlock-audit/2024-11-nounsdao/blob/main/nouns-monorepo/packages/nouns-contracts/contracts/StreamEscrow.sol#L293
Internal pre-conditions
No response
External pre-conditions
No response