Bnke0x0
medium
ERC20 implementations are not always consistent. Some implementations of transfer and transferFrom could return ‘false’ on failure instead of reverting. It is safer to wrap such calls in require() statements to handle these failures.
https://github.com/sherlock-audit/2023-02-gmx/blob/main/gmx-synthetics/contracts/bank/Bank.sol#L97
'TokenUtils.transfer(dataStore, token, receiver, amount);'
Manual Review
Check the return value and revert on 0/false, or use OpenZeppelin’s SafeERC20 wrapper functions.
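The recommendation above, shown as an added example that is not code from the audited repository: a constructed token that returns false on failure, an unchecked transfer that silently succeeds against it, and a checked transfer that reverts. The names FalseOnFailureToken, ExampleBank, transferOutUnchecked, transferOutChecked and TokenTransferFailed are hypothetical, and access control is omitted to keep the focus on the return-value check.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added example; every name below is hypothetical, not from the audited code.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Constructed token that signals failure by returning false instead of reverting.
contract FalseOnFailureToken is IERC20 {
    mapping(address => uint256) public balanceOf;

    function mint(address to, uint256 amount) external {
        balanceOf[to] += amount;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        if (balanceOf[msg.sender] < amount) return false; // failure without revert
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Access control intentionally omitted; a real bank must restrict both functions.
contract ExampleBank {
    error TokenTransferFailed(address token, address receiver, uint256 amount);

    // Unsafe: the returned bool is discarded, so a failed transfer looks
    // successful and the caller's accounting proceeds as if funds had moved.
    function transferOutUnchecked(IERC20 token, address receiver, uint256 amount) external {
        token.transfer(receiver, amount);
    }

    // Checked: a low-level call accepts tokens that return no data at all,
    // while a revert, a `false` return, or a non-contract address all revert.
    function transferOutChecked(address token, address receiver, uint256 amount) external {
        if (token.code.length == 0) revert TokenTransferFailed(token, receiver, amount);
        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSelector(IERC20.transfer.selector, receiver, amount)
        );
        // Short-circuit: return data is only decoded when the call itself succeeded.
        if (!ok || (ret.length > 0 && !abi.decode(ret, (bool)))) {
            revert TokenTransferFailed(token, receiver, amount);
        }
    }
}
```

With an ExampleBank holding a zero balance of FalseOnFailureToken, transferOutUnchecked completes without error while transferOutChecked reverts with TokenTransferFailed.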