Merge pull request #86 from GenerationSoftware/gen-1222-h-235-missing…

…-safetransfer-protection use safeTransfer when transferring ERC20 token balances
GenerationSoftware · Mar 18, 2024 · 843a7b7 · 843a7b7
2 parents cc9e119 + ec1dd53
commit 843a7b7
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/src/PrizeVault.sol b/src/PrizeVault.sol
@@ -934,7 +934,7 @@ contract PrizeVault is TwabERC20, Claimable, IERC4626, ILiquidationSource, Ownab
             yieldVault.redeem(_yieldVaultShares, address(this), address(this));
         }
         if (_receiver != address(this)) {
-            _asset.transfer(_receiver, _assets);
+            _asset.safeTransfer(_receiver, _assets);
         }
     }
 

diff --git a/src/PrizeVaultFactory.sol b/src/PrizeVaultFactory.sol
@@ -2,6 +2,7 @@
 pragma solidity ^0.8.24;
 
 import { IERC20, IERC4626 } from "openzeppelin/token/ERC20/extensions/ERC4626.sol";
+import { SafeERC20 } from "openzeppelin/token/ERC20/utils/SafeERC20.sol";
 
 import { PrizePool } from "pt-v5-prize-pool/PrizePool.sol";
 
@@ -11,6 +12,7 @@ import { PrizeVault } from "./PrizeVault.sol";
 /// @author PoolTogether Inc. & G9 Software Inc.
 /// @notice Factory contract for deploying new prize vaults using a standard underlying ERC4626 yield vault.
 contract PrizeVaultFactory {
+    using SafeERC20 for IERC20;
 
     ////////////////////////////////////////////////////////////////////////////////
     // Events
@@ -115,7 +117,7 @@ contract PrizeVaultFactory {
 
         // A donation to fill the yield buffer is made to ensure that early depositors have
         // rounding errors covered in the time before yield is actually generated.
-        IERC20(_vault.asset()).transferFrom(msg.sender, address(_vault), YIELD_BUFFER);
+        IERC20(_vault.asset()).safeTransferFrom(msg.sender, address(_vault), YIELD_BUFFER);
 
         allVaults.push(_vault);
         deployedVaults[address(_vault)] = true;