15,000 USDC
View results
Submission Details
Severity: medium
Valid

`DSCEngine` is incompatible with ERC20 that do not return a `bool`.

Summary

The DSCEngine is incompatible with ERC20 that do not return a bool.

Vulnerability Details

While the ERC-20 standard defines that methods such as transferFrom must return a bool indicating success, the reality is that many major tokens do not, and instead just revert on failure.

The DSCEngine contract, however, expects the collateral tokens to return a boolean results, which can be seen in calls such as

// function depositCollateral
bool success = IERC20(tokenCollateralAddress).transferFrom(msg.sender, address(this), amountCollateral);

Impact

Should a token not return a bool, the DSCEngine contract is unable to operate with it, as Solidity generates implicit checks that verify RETURNDATASIZE for these calls, which revert when it is not as expected.

This does not affect WETH and WBTC. However, the contest description mentions that The system is meant to be such that someone could fork this codebase, swap out WETH & WBTC for any basket of assets they like, and the code would work the same. In this case, this issue could arise.

Tools Used

None

Recommendations

Use OpenZeppelin's SafeERC20 library that offers methods such as safeTransferFrom and safeTransfer that handle optional return values, and replace all relevant calls in DSCEngine with the OpenZeppelin implementation.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.