Use openZeppelin safeErc20 rather than assuming that the ERC20 tokens selected for collateral exactly follow ERC20 spec. Plenty of ERC20 tokens do not return a boolean and simply revert on failed transfers, and return nothing on success. safeERC20 uses a low level call to check the success of the transfer, where as the transfer here is a high level call and its possible that a successful transfer of the token returns nothing, so the success boolean is false even though the transfer succeeded, causing the call to revert erroneously.
Leaving the code as is would mean it is not compatible with all ERC20 tokens which per the docs submitted in the contest is the intention.
manual review
use openZeppelins safeERC20 Library for transfers and transferFroms
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.