Although the ERC20 standard suggests that a transfer should return true on success, many tokens are non-compliant in this regard.
In that case, the .transfer() call here will revert even if the transfer is successful, because solidity will check that the RETURNDATASIZE matches the ERC20 interface.
Consider using OpenZeppelin’s SafeERC20
- ConsenSys Audit bitbank Finding 5.1
- Error Handling
- Major Severity
- Incorrect Return Value
- Check on ERC20 transfer
- Use SafeERC20 Wrapper
- Youtube Reference
- Major severity finding from Consensys Diligence Audit of bitbank