15,000 USDC
View results
Submission Details
Severity: medium
Valid

Unsafe transfer/transferFrom breaks compatibility with some of ERC20

Vulnerability Details

In depositCollateral and _redeemCollateral functions transferFrom and transfer calls made. While current implementation for WETH/WBTC is correct it may posses an obstacle for using contract other tokens, like USDT or BNB that do not return bool on these call and will always revert.

Impact

Restriction for possible tokens to be used as collateral.

Tools Used

Observation

Recommendations

Use safeTransfer/safeTransferFrom for IERC20(tokenCollateralAddress)

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.