FundraiserFacet Static Analysis Findings

FFE-01S: Improper Invocation of EIP-20 transfer / transferFrom

Description:

The statement shown below does not validate the bool returned by the EIP-20 standard transfer function. As the standard dictates, callers must not assume that false is never returned.

Example:

protocol/contracts/farm/facets/FundraiserFacet.sol

function completeFundraiser(uint32 id) internal {
    // The bool returned by transfer is discarded, so a false return goes unnoticed
    IERC20(s.fundraisers[id].token).transfer(s.fundraisers[id].payee, s.fundraisers[id].total);
    emit CompleteFundraiser(id);
}

Recommendation:

Since not all widely used tokens are EIP-20 compliant (Tether / USDT, for example, returns no value from transfer), we advise that a safe wrapper library such as SafeERC20 by OpenZeppelin be utilized instead, which validates the returned bool only when one is present.

Alleviation:

The safeTransfer function of the SafeERC20 library is now correctly invoked.
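The flagged pattern beside the recommended fix, as an added illustration rather than the audited project's own code: the Fundraiser struct, the contract name and the hand-written checkedTransfer helper are assumptions made for this example, while the import paths are OpenZeppelin's standard ones.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Assumed minimal storage layout mirroring the fields the facet reads.
struct Fundraiser {
    address token;
    address payee;
    uint256 total;
}

contract FundraiserExample {
    using SafeERC20 for IERC20;

    mapping(uint32 => Fundraiser) internal fundraisers;

    event CompleteFundraiser(uint32 indexed id);

    // Pattern flagged in FFE-01S: the returned bool is discarded, so a compliant
    // token that returns false leaves the fundraiser marked complete with no funds moved.
    function completeFundraiserBefore(uint32 id) internal {
        IERC20(fundraisers[id].token).transfer(fundraisers[id].payee, fundraisers[id].total);
        emit CompleteFundraiser(id);
    }

    // Fix applied per the Alleviation: safeTransfer reverts on a failed call or a
    // returned false, and accepts tokens such as USDT that return no value at all.
    function completeFundraiser(uint32 id) internal {
        IERC20(fundraisers[id].token).safeTransfer(fundraisers[id].payee, fundraisers[id].total);
        emit CompleteFundraiser(id);
    }

    // What SafeERC20 does underneath, spelled out (assumed helper): call transfer at the
    // low level, treat "no return data" as success, and require any returned bool to be true.
    function checkedTransfer(address token, address to, uint256 amount) internal {
        require(token.code.length > 0, "not a contract");
        (bool ok, bytes memory data) =
            token.call(abi.encodeWithSelector(IERC20.transfer.selector, to, amount));
        require(ok && (data.length == 0 || abi.decode(data, (bool))), "transfer failed");
    }
}
```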
