Skip to content

Latest commit

 

History

History
69 lines (54 loc) · 3.29 KB

015.md

File metadata and controls

69 lines (54 loc) · 3.29 KB

Suave Lilac Pike

High

Unchecked token transfer in Abond_Token.sol

Security Audit Findings Report: Unchecked Token Transfer in Abond_Token.sol

Summary

The 'Abond_Token.sol' contract has an unchecked token transfer vulnerability. The 'transfer' and 'transferFrom' functions utilise the 'super.transfer(to, value);' and 'super.transferFrom(from, to, value);' and call without verifying its return value, which could result in silent failures of token transfers due to insufficient funds or other issues.

Vulnerable Code

super.transfer(to, value);
super.transferFrom(from, to, value);

Link to Vulnerable Code Transfer

Link to Vulnerable Code Transfer from

Vulnerable Functions

function transfer(
    address to,
    uint256 value
) public override returns (bool) {
    // Vulnerability: Unchecked transfer
    super.transfer(to, value);
}

    function transferFrom(
        address from,
        address to,
        uint256 value
    ) public override returns (bool) {
    // Vulnerability: Unchecked transferFrom
    super.transferFrom(from, to, value);
}

Link to Vulnerable Function Transfer

Link to Vulnerable Function Transfer From

Description of Vulnerability

The vulnerability lies in the failure to check the return value of the 'super.transfer/transferFrom' function calls. In the Ethereum ERC-20 standard, the 'transfer/transferFrom' method are required to return a Boolean value indicating the success or failure of the transfer. If the return value is not checked, the function might silently fail to transfer tokens, leading to inconsistencies and potential issues in the application logic.

Example Scenario

Consider a DeFi application where this token is used for transferring funds between users. If a transfer is initiated and fails due to insufficient funds or another issue, the application might incorrectly assume the transfer succeeded, causing a discrepancy in the users' account balances.

Mitigation

To mitigate this vulnerability, the return value of the 'super.transfer/transferFrom' calls should be checked using the 'require' statement. This ensures that the transfer only proceeds if the 'super.transfer/transferFrom' call is successful.

Mitigation Example

+ bool success = super.transfer(to, value);
+ require(success, "Transfer failed");
- super.transfer(to, value);
+ bool success = super.transferFrom(from, to, value);
+ require(success, "Transfer failed");
- super.transferFrom(from, to, value);

This change ensures that if the 'super.transfer/transferFrom' call fails, the 'transfer/transferFrom' function will revert, preventing silent failures.

Further Reading

For more details on the ERC-20 token standard and best practices, refer to the ERC-20 Token Standard.