15,000 USDC
Submission Details
Severity: medium
Valid

depositCollateral does not work on non-standard compliant tokens like USDT

Summary

The depositCollateral function reverts for non-standard tokens such as USDT, whose transferFrom returns nothing instead of a boolean, because the contract calls transferFrom through an interface that declares a bool return value.

Vulnerability Details

The smart contract is designed to accept any well-recognized asset that has a Chainlink price feed as collateral for its stablecoin. USDT, however, does not follow the EIP-20 standard: its transferFrom function returns no value instead of a boolean. The contract calls transferFrom through the standard EIP-20 interface, whose signature declares a bool return, so the compiler abi-decodes 32 bytes of return data after the call. USDT returns zero bytes, the decode fails, and the call reverts every time. Any attempt to deposit USDT as collateral therefore reverts, and users cannot deposit it to mint the stablecoin.

Impact

Non-standard tokens such as USDT cannot be used as collateral at all: every depositCollateral call with them reverts, so an asset the protocol intends to support is effectively unusable.

Tools Used

  1. VS Code

  2. Manual analysis

Recommendations

  1. Do not simply drop the return-value check. A plain interface call still abi-decodes the declared bool, so USDT would keep reverting, and some tokens signal failure by returning false rather than reverting, so a raw low-level call that ignores the return data would silently accept a failed transfer. The check has to accept empty return data (USDT) while still rejecting an explicit false.

  2. Consider using OpenZeppelin's SafeERC20 library (safeTransfer and safeTransferFrom), which performs a low-level call, treats empty return data as success and reverts when the token returns false, so it handles both standard and non-standard-compliant tokens.
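The following added example (not the audited project's code and not the report author's) shows the failure mode from the Vulnerability Details and the fix from recommendation 2 side by side: a constructed USDT-style token whose transferFrom returns nothing, a constructed token that returns false, a VulnerableVault that calls transferFrom through IERC20 as the report describes, and a FixedVault that uses OpenZeppelin's SafeERC20. The contract names, the Foundry test harness and the import paths (OpenZeppelin v5 layout, forge-std) are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration for this report; not the audited project's code.
// Assumed: OpenZeppelin v5 import paths, forge-std for the test, and the
// hypothetical contract names used below.
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {Test} from "forge-std/Test.sol";

/// Constructed USDT-style token: transferFrom moves balances but returns
/// nothing (no allowance bookkeeping, to keep the example short).
contract NoReturnToken {
    mapping(address => uint256) public balanceOf;

    constructor(address holder, uint256 supply) {
        balanceOf[holder] = supply;
    }

    function transferFrom(address from, address to, uint256 amount) external {
        require(balanceOf[from] >= amount, "insufficient");
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
    }
}

/// Constructed token that signals failure with `false` instead of reverting.
contract FalseReturnToken {
    function transferFrom(address, address, uint256) external pure returns (bool) {
        return false;
    }
}

/// The pattern the report describes: calling through IERC20 makes the
/// compiler abi-decode a 32-byte bool from the return data. NoReturnToken
/// returns 0 bytes, so the decode fails and the whole call reverts.
contract VulnerableVault {
    mapping(address => mapping(address => uint256)) public collateral;

    function depositCollateral(address token, uint256 amount) external {
        // Reverts for NoReturnToken: return data shorter than 32 bytes.
        bool ok = IERC20(token).transferFrom(msg.sender, address(this), amount);
        require(ok, "transfer failed");
        collateral[msg.sender][token] += amount;
    }
}

/// Fixed version: SafeERC20 does a low-level call, accepts empty return
/// data as success, and still reverts when the token returns false.
contract FixedVault {
    using SafeERC20 for IERC20;

    mapping(address => mapping(address => uint256)) public collateral;

    function depositCollateral(address token, uint256 amount) external {
        IERC20(token).safeTransferFrom(msg.sender, address(this), amount);
        collateral[msg.sender][token] += amount;
    }
}

/// Foundry test (assumed harness) exercising both vaults against both tokens.
contract DepositCollateralTest is Test {
    function test_usdtStyleToken() public {
        NoReturnToken usdt = new NoReturnToken(address(this), 1_000_000);
        VulnerableVault bad = new VulnerableVault();
        FixedVault good = new FixedVault();

        // Interface call reverts on the missing return value.
        vm.expectRevert();
        bad.depositCollateral(address(usdt), 1_000_000);

        // SafeERC20 call succeeds and the balance moves.
        good.depositCollateral(address(usdt), 1_000_000);
        assertEq(good.collateral(address(this), address(usdt)), 1_000_000);
        assertEq(usdt.balanceOf(address(good)), 1_000_000);
    }

    function test_falseReturningToken() public {
        FalseReturnToken bad = new FalseReturnToken();
        FixedVault good = new FixedVault();

        // An explicit `false` is still rejected by SafeERC20.
        vm.expectRevert();
        good.depositCollateral(address(bad), 1);
    }
}
```

Run with `forge test` in a project that has the OpenZeppelin and forge-std remappings. The first test is the report's finding in miniature: the same deposit reverts through the IERC20 interface and succeeds through SafeERC20; the second shows why the return value cannot simply be ignored.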
