Beedle - Oracle free perpetual lending

Summary

I discuss the vulnerability related to the ERC20 tranfser() and transferFrom() implementations and its impact on transactions. The vulnerabilities arise from not properly handling failures in transfer() and transferFrom() functions. Instead of using the revert() mechanism, some implementations use a boolean return value to indicate errors, potentially allowing unintended transactions to proceed without payment. This issue can affect loan collateral and debt repayment scenarios, where tokens may not be properly transferred but users still gain financial benefits.

Vulnerability Details

Some implementations of the IERC20 interface fail to utilize the revert() mechanism upon encountering issues with transfer() or transferFrom() functions. Instead, these functions rely on a boolean return value to signal errors. Neglecting to assess this return value leads to potential scenarios where operations that should have been flagged as failures proceed erroneously without actual payments being made.

Impact

Imagine a situation where collateral involves a token that does not trigger a reversion in the event of fund non-transfer; instead, it produces a false boolean. When a user borrows a loan, the collateral payment takes place through the following code snippet:

It's important to note that if the user withholds approval, this function returns false, preventing fund transfer. However, the user still receives the loan amount.

Similarly, envision a debt token that exhibits the same behavior upon encountering an error. This would enable a user to repay funds without genuinely effecting the fund transfer.

Tools Used

Manual Review

Recommendations

To address these vulnerabilities, it is crucial to meticulously inspect the return value of both the transfer() and transferFrom() functions. If a false value is returned, the execution should be promptly reverted to prevent unintended outcomes.