Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

External call does not have amount check in TransferHelper #56

Open
code423n4 opened this issue Jul 12, 2021 · 2 comments
Open

External call does not have amount check in TransferHelper #56

code423n4 opened this issue Jul 12, 2021 · 2 comments
Labels
bug Something isn't working disagree with severity G (Gas Optimization) sponsor confirmed

Comments

@code423n4
Copy link
Contributor

Handle

defsec

Vulnerability details

Impact

There is occurrence in the code of the TransferHelper contract where amount is checked after the external call.

Proof of Concept

Tools Used

None

Recommended Mitigation Steps

To favor readability and avoid confusions, consider applying check at the beginning of function.

  function _safeTransferFrom(address _token, address _sender, uint _amount) internal virtual {
    require(_amount > 0, "TransferHelper: amount must be > 0");
    ...
  }
@code423n4 code423n4 added 1 (Low Risk) bug Something isn't working labels Jul 12, 2021
code423n4 added a commit that referenced this issue Jul 12, 2021
@code423n4
defsec issue #56
eb746c4
@talegift
Copy link
Collaborator

Readability issues should IMO be marked as 0 (non-critical).

This was referenced Jul 15, 2021
Closed
Closed
@ghoul-sol
Copy link
Collaborator

This is gas optimization since I don't see any exploit.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working disagree with severity G (Gas Optimization) sponsor confirmed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@talegift @ghoul-sol @code423n4