Failing to check the return value of ERC20 transfer or transferFrom calls can lead to unexpected behavior.
Some tokens return false instead of reverting when the sender's balance or allowance is insufficient or the transfer otherwise fails. If that return value is ignored, the calling transaction continues as though the tokens had moved, even though the transfer failed.
Game
What in this token transfer contract can be risky?
```solidity
// SPDX-License-Identifier: MIT
// Open me in VSCode and really think before opening the hints!
// Add @audit tags wherever suspicious
// Go to the solidity docs to complete missing knowledge of what's happening here
// Solve by drafting a fix!
pragma solidity ^0.8.0;

interface IToken {
    function transfer(address recipient, uint256 amount) external returns (bool);
}

contract UncheckedExternalCallGame {
    IToken public token;

    constructor(address _token) {
        token = IToken(_token);
    }

    function transferTokens(address recipient, uint256 amount) public {
        token.transfer(recipient, amount);
    }
}
```
External calls can fail for various reasons, such as insufficient funds or other contract restrictions. Consider how you might verify that the transfer function succeeded.
Think about using the return value of the transfer function to check if the external call was successful and handle the situation accordingly if it wasn’t.
```solidity
function transferTokens(address recipient, uint256 amount) public {
    bool success = token.transfer(recipient, amount);
    require(success, "Token transfer failed"); // Fix: check the return value
}
```
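The fix above is correct for tokens that honour the ERC20 interface, but a `bool` return forces ABI decoding, so a token whose transfer returns no data at all reverts even when the transfer succeeded. As an added example (not part of the original game), the contract below uses a low-level call so that a missing return value is accepted, a returned `false` is rejected, and a call to a non-contract address (which would "succeed" with empty data) is rejected as well. The contract and helper names are assumptions; OpenZeppelin's SafeERC20 implements the same pattern.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1; // address.code is available from 0.8.1

// Added example contract (assumed name), not the game's own code.
contract CheckedTransferExample {
    address public immutable token;

    constructor(address _token) {
        token = _token;
    }

    // Sends `amount` of `token` to `recipient` and reverts unless the
    // transfer demonstrably succeeded.
    function transferTokens(address recipient, uint256 amount) public {
        _safeTransfer(token, recipient, amount);
    }

    // Assumed helper name. Handles the three outcomes a raw transfer can have:
    //   1. the call reverts                      -> ok == false, revert here
    //   2. the token returns false               -> decoded bool is false, revert
    //   3. the token returns nothing (no bool)   -> data.length == 0, treated as success
    function _safeTransfer(address _token, address to, uint256 value) internal {
        // A call to an address without code returns ok == true and no data,
        // which would otherwise be indistinguishable from case 3.
        require(_token.code.length > 0, "Token is not a contract");

        (bool ok, bytes memory data) = _token.call(
            abi.encodeWithSignature("transfer(address,uint256)", to, value)
        );
        require(ok, "Token transfer reverted");
        require(
            data.length == 0 || abi.decode(data, (bool)),
            "Token transfer returned false"
        );
    }
}
```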