ERC20 Token Standard
Summary
During the audit of DSCEngine.sol smart contract, a potential vulnerability was found in the ERC20 token standard. Tokens like USDT do not fully comply with the ERC20 standard and return nothing instead of a boolean value in the transferFrom
function . This could lead to transactions getting reverted since success won't be true even if the transfer is successful.
Vulnerability Details
In DSCEngine.sol line 157, the function depositCollateral uses the transferFrom method but because some ERC20 tokens do not fit the standard, like USDT, if one of these tokens is used as collateral, the input will return nothing instead of a boolean value. This creates a problem where the condition checking for if(!success) where success is the return value transferFrom will always be triggered and will revert the transaction.
Impact
The impact of this vulnerability is significant as it can be prevent the execution of transactions even if they are valid. This can lead to a loss of trust in the smart contract and prevent users from effectively using it, especially if they are using ERC20 tokens which do not fit the standard like USDT.
Tools Used
Foundry
Recommendations
I recommend using the safeTransferFrom function of the safeERC20 library from OpenZeppelin instead of the transferFrom.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.