Omniscia Criptan Audit
Wallet Manual Review Findings
WAL-01M: Improper Invocation of EIP-20 transfer
| Type | Severity | Location |
|---|---|---|
| Standard Conformity | ![]() | Wallet.sol:L56 |
Description:
The linked statement does not properly validate the returned bool of the EIP-20 standard transfer function. As the standard dictates, callers must not assume that false is never returned.
Example:
contracts/Wallet.sol
```solidity
require(token.transfer(master(), balance), "Wallet: could not transfer the ERC20 tokens");
```
Recommendation:
Since not all standardized tokens are EIP-20 compliant (such as Tether / USDT), we advise utilizing a safe wrapper library instead, such as SafeERC20 by OpenZeppelin, which opportunistically validates the returned bool only if it exists.
Alleviation:
The safeTransfer function of the SafeERC20 library of OpenZeppelin is now properly utilized in the codebase.
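The optional-return check that the recommendation describes, as an added sketch (this is not the audited Wallet.sol and not OpenZeppelin's source). The library, contract and function names are hypothetical, and `NoReturnToken` is a constructed stand-in for tokens such as USDT whose `transfer` returns nothing.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

// Added illustration, not the audited Wallet.sol. All names here are hypothetical.
interface IERC20Like {
    function transfer(address to, uint256 amount) external returns (bool);
    function balanceOf(address owner) external view returns (uint256);
}

library OptionalReturn {
    // Calls token.transfer and accepts either "no return data" or "returns true".
    function safeTransfer(IERC20Like token, address to, uint256 amount) internal {
        // A call to an address without code succeeds with empty return data, so reject it.
        require(address(token).code.length > 0, "OptionalReturn: not a contract");
        (bool ok, bytes memory ret) = address(token).call(
            abi.encodeWithSelector(token.transfer.selector, to, amount)
        );
        require(ok, "OptionalReturn: transfer reverted");
        if (ret.length > 0) {
            // The token returned something: it must decode to true.
            require(abi.decode(ret, (bool)), "OptionalReturn: transfer returned false");
        }
    }
}

// Constructed token that, like USDT, declares no return value on transfer.
contract NoReturnToken {
    mapping(address => uint256) public balanceOf;
    constructor() { balanceOf[msg.sender] = 1000; }
    function transfer(address to, uint256 amount) external {
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
    }
}

contract SweepExample {
    using OptionalReturn for IERC20Like;
    address public immutable master;
    constructor(address master_) { master = master_; }

    // With `require(token.transfer(...))` this reverts for NoReturnToken, because the
    // compiler-generated decoder expects 32 bytes of return data and gets none.
    function sweep(IERC20Like token) external {
        token.safeTransfer(master, token.balanceOf(address(this)));
    }
}
```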
