The contract does not check the code size of token addresses, which may lead to fund losses.
Vulnerability Details
The contract does not check the code size of token addresses, which may lead to fund losses. If transferFrom() is called on a token address that doesn't have a contract in it, it will always return success, bypassing the return value check. This could lead to users minting tokens for free or cause significant fund losses. This is the reference link to the previous: sherlock-audit/2022-11-bond-judging#8
Impact
Hence this may lead to miscalculation of funds and may lead to loss of funds.
Tools Used
vscode
Recommendations
Use OpenZeppelin's SafeERC20 or implement a code existence check.
Severity
Medium Risk
Relevant GitHub Links
2023-07-foundry-defi-stablecoin/src/DSCEngine.sol
Line 157 in d1c5501
2023-07-foundry-defi-stablecoin/src/DSCEngine.sol
Line 274 in d1c5501
2023-07-foundry-defi-stablecoin/src/DSCEngine.sol
Line 287 in d1c5501
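The code existence check named in the recommendation, as an added example that is not code from DSCEngine.sol or from the report's author. It assumes the transfer is made through a low-level `call`, where a call to an address with no code returns success with empty return data; the contract, function and error names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration: all names below are hypothetical, not from the audited code.
contract TransferFromCodeCheck {
    error TokenHasNoCode(address token);
    error TransferFailed(address token);

    // Weak form: a low-level call to an address with no deployed code
    // returns success == true and empty return data. The "optional bool"
    // check below accepts empty data, so it passes although no tokens moved.
    function pullUnchecked(address token, address from, uint256 amount) external {
        (bool success, bytes memory data) = token.call(
            abi.encodeWithSignature(
                "transferFrom(address,address,uint256)", from, address(this), amount
            )
        );
        require(
            success && (data.length == 0 || abi.decode(data, (bool))),
            "transferFrom failed"
        );
    }

    // Hardened form: refuse to treat the address as a token unless code is
    // deployed there, then apply the same return value check.
    function pullChecked(address token, address from, uint256 amount) external {
        if (token.code.length == 0) revert TokenHasNoCode(token);

        (bool success, bytes memory data) = token.call(
            abi.encodeWithSignature(
                "transferFrom(address,address,uint256)", from, address(this), amount
            )
        );
        // Tokens that return nothing are accepted; tokens that return
        // false, or whose call reverts, are rejected.
        if (!success || (data.length != 0 && !abi.decode(data, (bool)))) {
            revert TransferFailed(token);
        }
    }
}
```

Calling `pullUnchecked` with an externally owned or undeployed address completes without reverting, while `pullChecked` reverts with `TokenHasNoCode`.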