CODE423N4:2022-07-AXELAR-FINDINGS-ISSUES-210
Aug 03, 2022 - 12:00 a.m.

Use safeTransfer/safeTransferFrom consistently instead of transfer/transferFrom

2022-08-03 00:00:00
Code4rena
github.com
5

Lines of code
<https://github.com/code-423n4/2022-07-axelar/blob/9c4c44b94cddbd48b9baae30051a4e13cbe39539/contracts/gas-service/AxelarGasService.sol#L144>
<https://github.com/code-423n4/2022-07-axelar/blob/9c4c44b94cddbd48b9baae30051a4e13cbe39539/contracts/deposit-service/ReceiverImplementation.sol#L23>
<https://github.com/code-423n4/2022-07-axelar/blob/9c4c44b94cddbd48b9baae30051a4e13cbe39539/contracts/deposit-service/ReceiverImplementation.sol#L86>

Vulnerability details

Impact

It is good practice to add a require() statement that checks the return value of a token transfer, or to use safeTransfer or safeTransferFrom from OpenZeppelin, so that the call reverts when the transfer fails. Failure to do so will cause silent transfer failures and affect token accounting in the contract.

Proof of Concept

<https://github.com/code-423n4/2022-07-axelar/blob/9c4c44b94cddbd48b9baae30051a4e13cbe39539/contracts/gas-service/AxelarGasService.sol#L144>

<https://github.com/code-423n4/2022-07-axelar/blob/9c4c44b94cddbd48b9baae30051a4e13cbe39539/contracts/deposit-service/ReceiverImplementation.sol#L23>

<https://github.com/code-423n4/2022-07-axelar/blob/9c4c44b94cddbd48b9baae30051a4e13cbe39539/contracts/deposit-service/ReceiverImplementation.sol#L86>

Tools Used

Manual code review

Recommended Mitigation Steps

Consider using safeTransfer/safeTransferFrom or require() consistently.
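
The three call styles this finding contrasts, as an added illustration that is not code from the Axelar repository or from the report. The library name `TransferExamples`, its function names and the `TransferFailed` error are hypothetical; `_safeCall` is a hand-written stand-in for the check that a safeTransfer wrapper performs, not OpenZeppelin's source.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Minimal ERC-20 surface needed for the example.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical helper library (assumption: names chosen for this example only).
library TransferExamples {
    error TransferFailed();

    // Unchecked: a token that reports failure by returning false instead of
    // reverting lets execution continue, so the caller's accounting proceeds
    // as though the tokens had moved.
    function sendUnchecked(IERC20 token, address to, uint256 amount) internal {
        token.transfer(to, amount);
    }

    // require() on the return value: a false return now reverts the call.
    // Because the interface declares `returns (bool)`, a token that returns
    // no data at all fails ABI decoding on this typed call.
    function sendRequire(IERC20 token, address to, uint256 amount) internal {
        require(token.transfer(to, amount), "transfer failed");
    }

    // Safe form for transfer and transferFrom: low-level call plus explicit checks.
    function sendSafe(IERC20 token, address to, uint256 amount) internal {
        _safeCall(address(token), abi.encodeWithSelector(IERC20.transfer.selector, to, amount));
    }

    function pullSafe(IERC20 token, address from, address to, uint256 amount) internal {
        _safeCall(address(token), abi.encodeWithSelector(IERC20.transferFrom.selector, from, to, amount));
    }

    function _safeCall(address token, bytes memory data) private {
        // A low-level call to an address without code succeeds, so reject it first.
        if (token.code.length == 0) revert TransferFailed();
        (bool ok, bytes memory ret) = token.call(data);
        // Accept either empty return data or an ABI-encoded `true`; revert otherwise.
        if (!ok || (ret.length != 0 && !abi.decode(ret, (bool)))) revert TransferFailed();
    }
}
```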
