15,000 USDC
Submission Details
Severity: medium
Valid

Potential Function Failures due to Non-Standard ERC20 Tokens as Collateral

Summary

The DSCEngine.sol contract may face functionality issues if it is deployed with certain ERC20 tokens as approved collateral. These tokens, which do not return a boolean on their transfer methods (e.g. USDT), will cause multiple functions in DSCEngine.sol to fail consistently.

Vulnerability Details

At deployment, the constructor does not check that the approved collateral tokens strictly adhere to the ERC20 standard. Consequently, the contract can be deployed with tokens that do not return a boolean value from their transfer methods, leading to subsequent failures in some of the contract's key functions.

Impact

The functions depositCollateral and _redeemCollateral in the DSCEngine.sol contract will not operate as expected when dealing with ERC20 tokens that do not return a boolean on their transfer functions. This could significantly impair the contract's core functionality.

Tools Used

Manual review

Recommendations

Consider using the SafeERC20 library from OpenZeppelin and calling safeTransfer or safeTransferFrom when transferring ERC20 tokens.
