15,000 USDC
Submission Details
Severity: medium
Valid

Use safeTransfer()/safeTransferFrom() instead of transfer()/transferFrom()

Summary

The protocol only uses `transfer` and `transferFrom` to move tokens.

Vulnerability Details

Some ERC20 tokens do not revert when `transfer` fails; they return `false` instead.

Impact

Tokens that don't actually perform the transfer and return `false` are still counted as a correct transfer. Tokens that don't correctly implement the latest EIP20 spec, like USDT, will be unusable in the protocol, because the missing return value makes the transaction revert.

Tools Used

Manual Review

Recommendations

Use OpenZeppelin's `SafeERC20` library to safely transfer ERC20 tokens.
