Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Programmable Derivatives>Informational findings>Missing safe transferring in some contracts
GeneralOverview
Findings
Critical (2)
High (9)
Medium (4)
Low (3)
Informational (2)Missing safe transferring in some contractsMissing a zero-value check for assetSupply
DiscussionInconsistencies between documentation and implementation
Threat ModelWhat are threat models?Auction.solBalancerOracleAdapter.solBondToken.solDistributor.solLeverageToken.solOracleReader.solPool.solPoolFactory.solPreDeposit.sol
Audit ResultsAssessment Results
Category: Coding Mistakes

Missing safe transferring in some contracts

Informational Severity
Informational Impact
Low Likelihood

Description

Some parts of the codebase use safeTransfer and safeTransferFrom, but there are sections that still use transferFrom as is.

function bid(uint256 buyReserveAmount, uint256 sellCouponAmount) external auctionActive returns(uint256) {
  //...

  IERC20(buyCouponToken).transferFrom(msg.sender, address(this), sellCouponAmount);
  // ...

Impact

There is no issue with the whitelist token intended for use, but using safe functions is recommended.

Recommendations

Use safeTransfer and safeTransferFrom for best practice.

Remediation

This issue has been acknowledged by Plaza Finance, and fixes were implemented in the following commits:

Zellic © 2025Back to top ↑