Because the pool fails to check that a contract exists, the pool may assume that failed transactions involving destructed tokens are successful.
`TransferHelper.safeTransfer` performs a transfer with a low-level call without confirming the contract’s existence.
As a result, if the tokens have not yet been deployed or have been destroyed, safeTransfer will return success even though no transfer was executed.
Short term, check the contract’s existence prior to the low-level call in `TransferHelper.safeTransfer`. Long term, avoid low-level calls.
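The failure mode and the short-term fix side by side, as an added Solidity example (not code from the audit report or from Uniswap). `TransferSketch`, `ExistenceProbe` and their function names are hypothetical, and `token.code.length` assumes Solidity 0.8.1 or later.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration. Library, contract and function names are hypothetical.
library TransferSketch {
    bytes4 private constant TRANSFER =
        bytes4(keccak256("transfer(address,uint256)"));

    // Low-level call with no existence check. A CALL to an address without
    // code succeeds and returns no data, so this require passes even though
    // no token contract ran.
    function uncheckedTransfer(address token, address to, uint256 value) internal {
        (bool success, bytes memory data) =
            token.call(abi.encodeWithSelector(TRANSFER, to, value));
        require(success && (data.length == 0 || abi.decode(data, (bool))), "TF");
    }

    // Same call, preceded by the existence check the finding recommends.
    // Covers tokens that were never deployed or have been destroyed.
    function checkedTransfer(address token, address to, uint256 value) internal {
        require(token.code.length > 0, "token has no code");
        (bool success, bytes memory data) =
            token.call(abi.encodeWithSelector(TRANSFER, to, value));
        require(success && (data.length == 0 || abi.decode(data, (bool))), "TF");
    }
}

contract ExistenceProbe {
    // Reports whether each variant completes without reverting for `token`.
    // Pass an address that holds no code to see the two paths diverge.
    function probe(address token) external returns (bool uncheckedOk, bool checkedOk) {
        try this.runUnchecked(token) { uncheckedOk = true; } catch {}
        try this.runChecked(token) { checkedOk = true; } catch {}
    }

    function runUnchecked(address token) external {
        TransferSketch.uncheckedTransfer(token, msg.sender, 1);
    }

    function runChecked(address token) external {
        TransferSketch.checkedTransfer(token, msg.sender, 1);
    }
}
```

High-level calls through an interface type make the compiler insert this code-size check automatically, which is the reasoning behind the long-term recommendation.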
- ToB Audit Uniswap V3 Finding 9
- Data Validation
- High Severity
- Contract Existence
- Token Loss
- Check Existence
- Avoid Low-level Calls
- YouTube Reference
- High Risk severity finding from ToB’s Audit of Uniswap V3