Drop require checks for synthetic tokens #52

@code423n4

Handle

hickuphh3

Vulnerability details

Impact

The README states that "the synthetic token is written to never return false." as it inherits from OpenZeppelin's ERC20PresetMinterPauser.

It is also claimed that "We only check the return boolean (success) for erc20 methods on the payment token not for the synthetic token", but this is not true. LongShort.sol does in fact check that the transfer() and transferFrom() methods return true (L855-857, 900-906, 961-963, 1015-1020).

Recommended Mitigation Steps

Since synthetic tokens have been engineered to always return true, consider dropping the require checks to save gas.
