Users may not be able to deposit collateral to engine because of the check for returned bool from transfer
function.
In DSCEngine
contract users can deposit allowed tokens by protocol and since owner can set the allowed tokens to any tokens that has price feed there is possiblity the token they set not be ERC20-compliant.
not ERC20-compliant means tokens may not return a boolean when calling transfer or approve functions, so the check for boolean in the depositCollateral
will revert and user will not be able to deposit that token as collateral
user calls depositCollateral
function with passing not ERC20-compliant token address as collateral and the call will be reverted.
Manual review
For fixing this problem you need to use SafeERC20 from OpenZeppelin.
(You also use the transfer for collateral tokens in _redeemCollateral
function but if you don't fix this too users will not be able redeem)
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.