Question on flashloan contract implementations

silvercondor · February 26, 2023, 5:29pm

is there a reason why most protocols use balance checks instead of a push pull method?

e.g what protocols typically do

uint balanceBefore = IERC20(token).balanceOf(address(this));
caller.executeOperation(..., params);
uint balanceAfter = IERC20(token).balanceOf(address(this));
require(balanceAfter == balanceBefore + fee);

Instead of

IERC20(token).transfer(caller, amount);
caller.executeOperation(..., params);
IERC20(token).transferFrom(caller, address(this), amount+fee);

is there a vulnerability on the 2nd method that i'm missing?

barakman · February 27, 2023, 8:32am

Regardless of vulnerabilities, your alternative code consists of at least 3 problems:

It assumes that no additional fee is applied inside the functions of the token contract itself
It costs more gas, because it relies on approve + transferFrom instead of transfer
It is incompatible with ETH

With regards to vulnerabilities, I suppose that making it compatible with ETH might inflict some.

Topic		Replies	Views
Contracts holding tokens Support	12	5606	February 18, 2021
Why Yet Check User Balance For ERC20 Transfer Contracts erc20 , solidity	5	870	September 10, 2021
Suggested improvement on your token contracts General	0	441	July 24, 2021
Need to deposit all erc20tokens in my wallet into smart contract which I deployed Smart Contracts erc20	5	1007	September 23, 2021
ERC20 contract method balanceOf returning wrong data Smart Contracts erc20	3	547	November 28, 2022

Question on flashloan contract implementations

Related Topics