Omniscia Alliance Block Audit

RouterFacet Static Analysis Findings

RFT-01S: Unused Return Value

Type: Standard Conformity
Severity: Informational
Location: RouterFacet.sol:L106, L107, L165, L181

Description:

The ERC20 transfer and transferFrom calls performed within the contract do not evaluate the returned bool value.

Example:

contracts/facets/RouterFacet.sol
102 function lock(uint8 targetChain, address nativeToken, uint256 amount, bytes memory receiver) public override {
103     LibRouter.Storage storage rs = LibRouter.routerStorage();
104     LibFeeCalculator.Storage storage fcs = LibFeeCalculator.feeCalculatorStorage();
105     LibFeeCalculator.distributeRewards();
106     IERC20(rs.albtToken).transferFrom(msg.sender, address(this), fcs.serviceFee);
107     IERC20(nativeToken).transferFrom(msg.sender, address(this), amount);
108     emit Lock(targetChain, nativeToken, receiver, amount, fcs.serviceFee);
109 }

Recommendation:

Although the implementations used would never return a false boolean under any circumstance, it is still best practice to use a safe wrapper implementation of ERC20, such as SafeERC20, to ensure return values are properly evaluated.

Alleviation:

The SafeERC20 implementation by OpenZeppelin was properly imported into the codebase and utilized for all linked transfer and / or transferFrom invocations.
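
The check a safe wrapper performs, shown as an added sketch; it is neither the project's code nor OpenZeppelin's SafeERC20 source. The names SafeTransferSketch, IERC20Minimal and LockSketch, and the constructor parameters standing in for rs.albtToken and fcs.serviceFee, are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Illustrative only: hypothetical names, not the audited contract.
interface IERC20Minimal {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

library SafeTransferSketch {
    // Reverts unless the call succeeded AND the token either returned no data
    // (non-standard tokens) or returned an ABI-encoded `true`.
    function safeTransferFrom(address token, address from, address to, uint256 amount) internal {
        // A low-level call to an address without code succeeds silently, so reject it.
        require(token.code.length > 0, "SafeTransferSketch: not a contract");
        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSelector(IERC20Minimal.transferFrom.selector, from, to, amount)
        );
        require(ok, "SafeTransferSketch: call reverted");
        if (ret.length > 0) {
            // This is the bool that the bare transferFrom calls on L106-L107 discard.
            require(abi.decode(ret, (bool)), "SafeTransferSketch: returned false");
        }
    }
}

// Stand-in for the lock() flow with both transfers routed through the wrapper.
contract LockSketch {
    using SafeTransferSketch for address;

    address public immutable feeToken;   // assumption: stands in for rs.albtToken
    uint256 public immutable serviceFee; // assumption: stands in for fcs.serviceFee

    event Lock(uint8 targetChain, address nativeToken, bytes receiver, uint256 amount, uint256 serviceFee);

    constructor(address feeToken_, uint256 serviceFee_) {
        feeToken = feeToken_;
        serviceFee = serviceFee_;
    }

    function lock(uint8 targetChain, address nativeToken, uint256 amount, bytes memory receiver) public {
        // Either transfer failing (revert or `false`) aborts before Lock is emitted.
        feeToken.safeTransferFrom(msg.sender, address(this), serviceFee);
        nativeToken.safeTransferFrom(msg.sender, address(this), amount);
        emit Lock(targetChain, nativeToken, receiver, amount, serviceFee);
    }
}
```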