Foundry DeFi Stablecoin CodeHawks Audit Contest

Cyfrin

DeFiFoundry

15,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

INCOMPATIBILITY WITH NON-FULLY COMPLIANT TOKENS

frankudoags

Summary

Some tokens like USDT do not fully comply with the ERC20 Standard and have no return value instead of a boolean value when "transferFrom" is called.

Vulnerability Details

iN THE DSCEngine.sol file, the function "depositCollateral" uses the "transferFrom" method in it's implementations and it has a conditional check for the return value whereas tokens like USDT that are not fully compliant with ERC20 has no return value hence the transaction will always revert for such tokens

Impact

This can prevent users from completing transactions even if they are valid and can deny users access to protocol if they're using tokens that are not fully compliant

Tools Used

Manual review

Recommendations

Use SafeERC20 Library from Solady/Solmate/Openzeppelin to handle transferFrom scenarios

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

236

64 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.