Mammoth Marigold Bison
High
Direct use of the 'transfer()' and 'transferFrom()' functions in ERC20 contracts may introduce vulnerabilities, especially in tokens that are not fully compliant with ERC20 standards. This can cause transaction failure and damage the reliability of the contract.
Some tokens (like USDT) don't correctly implement the EIP20 standard and their transfer/ transferFrom function return void instead of a success boolean. Calling these functions with the correct EIP20 function signatures will always revert.
- loss of tokens
- transaction failure
- can damage the integrity and reliability of the contract
https://github.com/sherlock-audit/2024-10-ethos-network/blob/main/ethos/packages/contracts/contracts/EthosReview.sol#L451 https://github.com/sherlock-audit/2024-10-ethos-network/blob/main/ethos/packages/contracts/contracts/EthosReview.sol#L453 https://github.com/sherlock-audit/2024-10-ethos-network/blob/main/ethos/packages/contracts/contracts/EthosReview.sol#L491
Manual Review
Recommend using OpenZeppelin's SafeERC20 versions with the safeTransfer and safeTransferFrom functions that handle the return value check as well as non-standard-compliant tokens.