Omniscia Vector Finance Audit
xPTP Manual Review Findings
PTP-01M: Improper Invocation of EIP-20 transferFrom
| Type | Severity | Location |
|---|---|---|
| Standard Conformity | Minor | xPTP.sol:L19 |
Description:
The linked statement does not properly validate the returned bool of the EIP-20 standard transferFrom function. As the standard dictates, callers must not assume that false is never returned; however, certain tokens such as USDT (Tether) are non-standard and yield no bool, causing such checks to fail.
Example:
contracts/xPTP.sol

```solidity
require(ERC20(ptp).transferFrom(msg.sender, mainContract, _amount));
```
Recommendation:
We advise that a safe wrapper library, such as SafeERC20 by OpenZeppelin, be utilized instead to opportunistically validate the returned bool only if it exists.
Alleviation:
The safeTransferFrom function is now properly utilized.
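
The optional-return check that the recommendation describes, written out as an added example (not code from xPTP.sol, the audit, or OpenZeppelin). `IERC20Like`, `NoReturnToken` and `DepositDemo` are hypothetical names, and the token is a constructed stand-in for a USDT-style `transferFrom` that returns no value.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

interface IERC20Like {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Constructed test token (hypothetical): moves balances but returns no bool.
contract NoReturnToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    constructor() {
        balanceOf[msg.sender] = 1000;
    }

    function approve(address spender, uint256 amount) external {
        allowance[msg.sender][spender] = amount;
    }

    function transferFrom(address from, address to, uint256 amount) external {
        allowance[from][msg.sender] -= amount; // checked math reverts on underflow
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
    }
}

// Hypothetical caller contrasting the two call styles.
contract DepositDemo {
    // Pattern from the finding: the compiler decodes a bool from the return
    // data, so a token that returns nothing makes this call revert.
    function depositStrict(address token, address to, uint256 amount) external {
        require(IERC20Like(token).transferFrom(msg.sender, to, amount));
    }

    // Optional-return check: fail on revert, accept empty return data,
    // and require `true` only when a value was actually returned.
    function depositSafe(address token, address to, uint256 amount) external {
        require(token.code.length > 0, "token has no code");
        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSelector(IERC20Like.transferFrom.selector, msg.sender, to, amount)
        );
        require(ok, "transferFrom reverted");
        require(ret.length == 0 || abi.decode(ret, (bool)), "transferFrom returned false");
    }
}
```

With an allowance granted to `DepositDemo`, `depositStrict` reverts against `NoReturnToken` even though the transfer itself would succeed, while `depositSafe` completes and still rejects a token that returns `false`.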