In EthUniswapPCVController, there is a call to IWETH.transfer that does not check the return value.
It is usually good to add a require-statement that checks the return value or to use something like safeTransfer; unless one is sure the given token reverts in case of a failure.
Consider adding a require-statement or using `safeTransfer_
- ConsenSys Audit Fei Finding 3.7
- Error Handling
- Medium Severity
- Unchecked Return Values
- ERC20 Transfer
- Add require or Use SafeERC20 Wrapper
- Youtube Reference
- Medium severity finding from Consensys Diligence Audit of Fei Protocol