tsvetanovv - ERC20 transfer zero amount can be reverted
Closed this issue · 0 comments
sherlock-admin commented
tsvetanovv
medium
ERC20 transfer zero amount can be reverted
Summary
In Router.sol we have pluginTransfer(). This function transfer the specified amount of tokens from the account to the receiver.
Certain ERC20 tokens do not support zero-value token transfers and revert.
As ERC20 can be an arbitrary token, in the case when such token doesn't allow for zero amount transfers.
Vulnerability Detail
In addition to the code snippet below, you should also check the other places where there is a ERC20 transfer.
Impact
ERC20 transfer zero amount can be reverted.
Code Snippet
26: function pluginTransfer(address token, address account, address receiver, uint256 amount) external onlyRouterPlugin {
27: IERC20(token).safeTransferFrom(account, receiver, amount);
28: }Tool used
Manual Review
Recommendation
Add a simple check for zero-value token transfers.