Some tokens may revert when zero value transfers are made
Opened this issue · 0 comments
code423n4 commented
Lines of code
356, 371, 145, 272, 252, 116, 445, 374, 506, 488, 527, 41, 47, 237, 794, 159, 137
Vulnerability details
In spite of the fact that EIP-20 states that zero-valued transfers must be accepted, some tokens, such as LEND will revert if this is attempted, which may cause transactions that involve other tokens (such as batch operations) to fully revert. Consider skipping the transfer if the amount is zero, which will also save gas.
File: contracts/tOFT/BaseTOFT.sol
356 "TOFT_allowed"
357 );
358 }
359: IERC20(erc20).safeTransferFrom(_fromAddress, address(this), _amount);
371 if (erc20 == address(0)) {
372 _safeTransferETH(_toAddress, _amount);
373 } else {
374: IERC20(erc20).safeTransfer(_toAddress, _amount);
File: contracts/tOFT/mTapiocaOFT.sol
145 if (_isNative) {
146 _safeTransferETH(msg.sender, _amount);
147 } else {
148: IERC20(erc20).safeTransfer(msg.sender, _amount);
File: contracts/tOFT/modules/BaseTOFTLeverageModule.sol
272 if (erc20 == address(0)) {
273 _safeTransferETH(_toAddress, _amount);
274 } else {
275: IERC20(erc20).safeTransfer(_toAddress, _amount);
File: contracts/tOFT/modules/BaseTOFTOptionsModule.sol
252 })
253 );
254 } else {
255: IERC20(tapSendData.tapOftAddress).safeTransfer(from, tapAmount);
File: contracts/Vesting.sol
116 users[msg.sender].claimed += _claimable;
117 users[msg.sender].latestClaimTimestamp = block.timestamp;
118
119: token.safeTransfer(msg.sender, _claimable);
File: contracts/governance/twTAP.sol
445 totals.totalDistPerVote[_rewardTokenId] +=
446 (_amount * DIST_PRECISION) /
447 uint256(totals.netActiveVotes);
448: rewardToken.safeTransferFrom(msg.sender, address(this), _amount);
File: contracts/option-airdrop/AirdropBroker.sol
374 unchecked {
375 for (uint256 i = 0; i < len; ++i) {
376 ERC20 paymentToken = ERC20(_paymentTokens[i]);
377 paymentToken.transfer(
378 paymentTokenBeneficiary,
379 paymentToken.balanceOf(address(this))
380: );
506 _paymentToken.decimals()
507 );
508
509 _paymentToken.transferFrom(
510 msg.sender,
511 address(this),
512 discountedPaymentAmount
513: );
File: contracts/options/TapiocaOptionBroker.sol
488 unchecked {
489 for (uint256 i = 0; i < len; ++i) {
490 ERC20 paymentToken = ERC20(_paymentTokens[i]);
491 paymentToken.transfer(
492 paymentTokenBeneficiary,
493 paymentToken.balanceOf(address(this))
494: );
527 _paymentToken.decimals()
528 );
529
530 _paymentToken.transferFrom(
531 msg.sender,
532 address(this),
533 discountedPaymentAmount
534: );
File: contracts/tokens/LTap.sol
41 function deposit(uint256 amount) external {
42: tapToken.transferFrom(msg.sender, address(this), amount);
47 require(block.timestamp > lockedUntil, "Still locked");
48 uint256 amount = balanceOf(msg.sender);
49 _burn(msg.sender, amount);
50: tapToken.transfer(msg.sender, amount);
File: contracts/usd0/modules/USDOOptionsModule.sol
237 })
238 );
239 } else {
240: IERC20(tapSendData.tapOftAddress).safeTransfer(from, tapAmount);
File: contracts/Magnetar/modules/MagnetarMarketModule.sol
794 address _token,
795 uint256 _amount
796 ) private {
797: IERC20(_token).safeTransferFrom(_from, address(this), _amount);
File: contracts/Swapper/BaseSwapper.sol
159 );
160 return amount;
161 }
162: IERC20(token).safeTransferFrom(msg.sender, address(this), amount);
File: contracts/Swapper/CurveSwapper.sol
137 0
138 );
139 } else {
140: IERC20(tokenOut).safeTransfer(to, amountOut);
Assessed type
other