solstat/report/report_sections/vulnerabilities/
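/// Markdown body for the "unsafe ERC20 operation" vulnerability section of the report.
///
/// The text explains why raw `transfer` / `transferFrom` / `approve` calls on an
/// arbitrary ERC20 token are unsafe, shows each unsafe form next to its
/// `SafeERC20` equivalent and its `require`-wrapped equivalent, and spells out the
/// limits of the `require` approach so readers do not treat it as a full substitute.
///
/// Returns an owned `String` so the caller can concatenate it into the final report.
pub fn report_section_content() -> String {
    // Raw string so the Solidity snippets can contain quotes and backticks verbatim.
    String::from(
        r##"
ERC20 operations can be unsafe because token implementations differ: some tokens return `false` instead of reverting on failure, and others (USDT is the usual example) return no value at all, so a raw `transfer`/`transferFrom` call can silently fail or revert in unexpected ways. To account for this, either use OpenZeppelin's SafeERC20 library (preferred: it checks that a contract exists at the token address, tolerates tokens that return no data, and reverts on a `false` return) or, at minimum, wrap each operation in a `require` statement on its return value. Note the limits of the `require` pattern: it only catches tokens that return `false`; a token that returns no data is rejected by the ABI decoder on recent compilers, so the call reverts and that token becomes unusable rather than unsafe. Neither pattern accounts for fee-on-transfer or rebasing tokens — if the amount actually received matters, measure the balance before and after the transfer.
Additionally, ERC20's `approve` function has a known front-running race condition when an allowance is changed from one non-zero value to another. To account for this, use the SafeERC20 library's `safeIncreaseAllowance` and `safeDecreaseAllowance` functions instead of overwriting the allowance directly.

#### Unsafe Transfer
```solidity
IERC20(token).transfer(msg.sender, amount);
```
#### OpenZeppelin SafeTransfer
```solidity
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
//--snip--
using SafeERC20 for IERC20;
//--snip--

IERC20(token).safeTransfer(msg.sender, amount);
```

#### Safe Transfer with require statement.
```solidity
bool success = IERC20(token).transfer(msg.sender, amount);
require(success, "ERC20 transfer failed");
```

#### Unsafe TransferFrom
```solidity
IERC20(token).transferFrom(msg.sender, address(this), amount);
```
#### OpenZeppelin SafeTransferFrom
```solidity
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
//--snip--
using SafeERC20 for IERC20;
//--snip--

IERC20(token).safeTransferFrom(msg.sender, address(this), amount);
```

#### Safe TransferFrom with require statement.
```solidity
bool success = IERC20(token).transferFrom(msg.sender, address(this), amount);
require(success, "ERC20 transferFrom failed");
```

#### Unsafe Approve
```solidity
IERC20(token).approve(spender, amount);
```
#### OpenZeppelin safeIncreaseAllowance / safeDecreaseAllowance
```solidity
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
//--snip--
using SafeERC20 for IERC20;
//--snip--

IERC20(token).safeIncreaseAllowance(spender, amount);
IERC20(token).safeDecreaseAllowance(spender, amount);
```

"##,
    )
}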