15,000 USDC
Submission Details
Severity: medium
Valid

ERC20 Token Standard

Summary

During the audit of the DSCEngine.sol smart contract, a potential issue was found in how the contract handles ERC20 return values. Some widely used tokens, notably USDT, do not fully comply with the ERC20 standard: their transferFrom function returns nothing instead of a boolean. When the calling contract declares transferFrom as returning a bool and checks that value, the call reverts for such tokens even though the transfer itself succeeded.

Vulnerability Details

In DSCEngine.sol line 157, the function depositCollateral calls transferFrom on the collateral token through an interface that declares a boolean return value, and then checks if (!success). Because some ERC20 tokens, such as USDT, do not follow the standard and return no data from transferFrom, using one of these tokens as collateral breaks this pattern: the return data is empty, so the declared bool cannot be decoded (Solidity checks the return data size and reverts when it is shorter than expected). The transaction therefore reverts on every deposit of such a token, even though the token's balances were updated inside the call, so the success check can never pass for these tokens.

Impact

The impact of this vulnerability is significant: valid deposits revert even though the underlying transfer succeeds, so users holding non-standard ERC20 tokens such as USDT cannot use them as collateral. This prevents users from effectively using the protocol with those tokens and can lead to a loss of trust in the smart contract.

Tools Used

Foundry

Recommendations

I recommend using the safeTransferFrom function of the SafeERC20 library from OpenZeppelin instead of transferFrom.
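The following Foundry test is an added example illustrating both the failure described under Vulnerability Details and the recommended fix; it is not code from DSCEngine.sol or from the protocol. The token, vault and contract names (NoReturnToken, UncheckedReturnVault, SafeVault) are constructed for this example, the OpenZeppelin and forge-std import paths assume a standard Foundry project with those libraries installed, and NoReturnToken only mimics the USDT transferFrom signature (no return value); it is not USDT's actual code.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

import {Test} from "forge-std/Test.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Constructed stand-in for a USDT-style token: transferFrom moves balances but
/// declares no return value. Assumed shape for this example, not USDT's real code.
contract NoReturnToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    function mint(address to, uint256 amount) external {
        balanceOf[to] += amount;
    }

    function approve(address spender, uint256 amount) external {
        allowance[msg.sender][spender] = amount;
    }

    // No `returns (bool)`: the call succeeds but returns zero bytes of data.
    function transferFrom(address from, address to, uint256 amount) external {
        allowance[from][msg.sender] -= amount;
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
    }
}

/// Deposit pattern described for depositCollateral: declares a bool return and checks it.
contract UncheckedReturnVault {
    mapping(address => uint256) public deposits;

    function deposit(address token, uint256 amount) external {
        // IERC20 declares `returns (bool)`; with empty return data the ABI decoder
        // reverts here, before `success` is ever evaluated.
        bool success = IERC20(token).transferFrom(msg.sender, address(this), amount);
        if (!success) revert("transfer failed");
        deposits[msg.sender] += amount;
    }
}

/// Recommended pattern: SafeERC20 tolerates empty return data and reverts only
/// if the call fails or explicitly returns false.
contract SafeVault {
    using SafeERC20 for IERC20;

    mapping(address => uint256) public deposits;

    function deposit(address token, uint256 amount) external {
        IERC20(token).safeTransferFrom(msg.sender, address(this), amount);
        deposits[msg.sender] += amount;
    }
}

contract NonStandardReturnTest is Test {
    NoReturnToken token;
    UncheckedReturnVault vulnerable;
    SafeVault safe;
    address user = makeAddr("user");

    function setUp() public {
        token = new NoReturnToken();
        vulnerable = new UncheckedReturnVault();
        safe = new SafeVault();
        token.mint(user, 1_000e6);
    }

    // The raw transferFrom + bool check reverts for a token that returns nothing.
    function test_DepositRevertsOnNoReturnToken() public {
        vm.startPrank(user);
        token.approve(address(vulnerable), 100e6);
        vm.expectRevert();
        vulnerable.deposit(address(token), 100e6);
        vm.stopPrank();
        assertEq(token.balanceOf(address(vulnerable)), 0);
    }

    // safeTransferFrom accepts the same token and the deposit is recorded.
    function test_SafeTransferFromAcceptsNoReturnToken() public {
        vm.startPrank(user);
        token.approve(address(safe), 100e6);
        safe.deposit(address(token), 100e6);
        vm.stopPrank();
        assertEq(safe.deposits(user), 100e6);
        assertEq(token.balanceOf(address(safe)), 100e6);
    }
}
```

Run it with forge test; the first test passes only because vm.expectRevert catches the decode revert, and the second shows that the same collateral token is usable once the call goes through SafeERC20. The same SafeERC20 wrapper (safeTransfer) should also be applied to the contract's outgoing transfers, since USDT's transfer has the same non-standard signature.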
