15,000 USDC
Submission Details
Severity: medium
Valid

INCOMPATIBILITY WITH NON-FULLY COMPLIANT TOKENS

Summary

Some tokens, such as USDT, do not fully comply with the ERC20 standard: they return no value instead of a boolean when "transferFrom" is called.

Vulnerability Details

In the DSCEngine.sol file, the function "depositCollateral" uses the "transferFrom" method in its implementation and has a conditional check on the return value. Tokens like USDT that are not fully compliant with ERC20 return no value, hence the transaction will always revert for such tokens.

Impact

This can prevent users from completing transactions even if they are valid, and can deny users access to the protocol if they're using tokens that are not fully compliant.

Tools Used

Manual review

Recommendations

Use the SafeERC20 library from Solady/Solmate/OpenZeppelin to handle "transferFrom" scenarios.
