Category: Coding Mistakes
Return value from transferFrom should be checked
Severity: Informational
Impact: Informational
Likelihood: N/A
Description
The Leverager and IncentivesController contracts use the transferFrom function but do not validate the return value. Under the ERC-20 token standard, the transferFrom function is not required to revert when the transfer fails (due to insufficient balance or approval), and some ERC-20 tokens in fact return false rather than revert.
Impact
This can lead to unexpected results in the features of these contracts (e.g., transferring an incomplete reward to the user if the rewards vault has insufficient balance, or reverting). The lack of checks in these contracts does not cause a loss of funds.
Recommendations
Consider checking the return value from transferFrom.
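The unchecked call next to two checked forms, as an added Solidity example that is not code from the audited Leverager or IncentivesController contracts; the contract name, `rewardToken`, `rewardsVault` and all function names are hypothetical. The last helper goes beyond the finding by also accepting tokens that return no data from transferFrom.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical contract for illustration only; not the audited code.
abstract contract RewardPayerExample {
    IERC20 internal immutable rewardToken;   // assumed ERC-20 reward token
    address internal immutable rewardsVault; // assumed vault that approved this contract

    constructor(IERC20 token, address vault) {
        rewardToken = token;
        rewardsVault = vault;
    }

    // Unchecked: if the token returns false instead of reverting,
    // execution continues as though the user had been paid.
    function _payUnchecked(address user, uint256 amount) internal {
        rewardToken.transferFrom(rewardsVault, user, amount);
    }

    // Checked: a false return value reverts the whole call.
    function _payChecked(address user, uint256 amount) internal {
        require(rewardToken.transferFrom(rewardsVault, user, amount), "transferFrom failed");
    }

    // Generalized check: treats a revert or a returned false as failure,
    // and empty return data (tokens that return nothing) as success.
    function _paySafe(address user, uint256 amount) internal {
        address token = address(rewardToken);
        // A low-level call to an address without code succeeds, so rule that out first.
        require(token.code.length > 0, "token is not a contract");
        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSelector(IERC20.transferFrom.selector, rewardsVault, user, amount)
        );
        require(ok && (ret.length == 0 || abi.decode(ret, (bool))), "transferFrom failed");
    }
}
```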