From 1ea00eee90a8f01cf21a8ee14467daf79c8d9ac9 Mon Sep 17 00:00:00 2001 From: vks <93567955+this-vishalsingh@users.noreply.github.com> Date: Fri, 17 Jan 2025 09:43:25 +0530 Subject: [PATCH] Update solstat_report.md fix-markdown Signed-off-by: vks <93567955+this-vishalsingh@users.noreply.github.com> --- solstat_report.md | 40 +++++++++++++++++++--------------------- 1 file changed, 19 insertions(+), 21 deletions(-) diff --git a/solstat_report.md b/solstat_report.md index 987ddf3..36f1beb 100644 --- a/solstat_report.md +++ b/solstat_report.md @@ -5,45 +5,43 @@ The following sections detail the high, medium and low severity vulnerabilities
## Low Risk +ERC20 operations can be unsafe due to different implementations and vulnerabilities in the standard. To account for this, either use OpenZeppelin's SafeERC20 library or wrap each operation in a require statement. Additionally, ERC20's approve functions have a known race-condition vulnerability. To account for this, use OpenZeppelin's SafeERC20 library's `safeIncrease` or `safeDecrease` Allowance functions. - ERC20 operations can be unsafe due to different implementations and vulnerabilities in the standard. To account for this, either use OpenZeppelin's SafeERC20 library or wrap each operation in a require statement. - Additionally, ERC20's approve functions have a known race-condition vulnerability. To account for this, use OpenZeppelin's SafeERC20 library's `safeIncrease` or `safeDecrease` Allowance functions. - - #### Unsafe Transfer - ```js +#### Unsafe Transfer + ```js IERC20(token).transfer(msg.sender, amount); - ``` - #### OpenZeppelin SafeTransfer - ```js + ``` +#### OpenZeppelin SafeTransfer + ```js import {SafeERC20} from "openzeppelin/token/utils/SafeERC20.sol"; //--snip-- IERC20(token).safeTransfer(msg.sender, address(this), amount); - ``` + ``` - #### Safe Transfer with require statement. - ```js +#### Safe Transfer with require statement. +```js bool success = IERC20(token).transfer(msg.sender, amount); require(success, "ERC20 transfer failed"); - ``` +``` - #### Unsafe TransferFrom - ```js +#### Unsafe TransferFrom + ```js IERC20(token).transferFrom(msg.sender, address(this), amount); - ``` - #### OpenZeppelin SafeTransferFrom - ```js + ``` +#### OpenZeppelin SafeTransferFrom +```js import {SafeERC20} from "openzeppelin/token/utils/SafeERC20.sol"; //--snip-- IERC20(token).safeTransferFrom(msg.sender, address(this), amount); - ``` +``` - #### Safe TransferFrom with require statement. - ```js +#### Safe TransferFrom with require statement. 
+```js bool success = IERC20(token).transferFrom(msg.sender, address(this), amount); require(success, "ERC20 transfer failed"); - ``` +``` ### Lines
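Review bot: The "OpenZeppelin SafeTransfer" example kept as context in this hunk calls `IERC20(token).safeTransfer(msg.sender, address(this), amount);`, but with `using SafeERC20 for IERC20` the `safeTransfer` call takes only a recipient and an amount (the three-argument form belongs to `safeTransferFrom`), so the recommended fix would not compile as written. Since this patch already touches the block, change it to `IERC20(token).safeTransfer(msg.sender, amount);` to match the unsafe example above it. In the added paragraph under "Low Risk", the backticks still split the function names (`safeIncrease` or `safeDecrease` Allowance); write them as `safeIncreaseAllowance` and `safeDecreaseAllowance`. The fence clean-up is also only partial: the fences added under "Unsafe Transfer", "OpenZeppelin SafeTransfer" and "Unsafe TransferFrom" keep a leading space, while the other three sections start at column 0, so pick one form for all six. The snippets are Solidity, so a `solidity` fence tag would suit them better than `js`.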