depositCollateral does not work on non-standard compliant tokens like USDT
Summary
The depositCollateral function in the smart contract fails with non-standard compliant tokens like USDT due to their void return type instead of a boolean.
Vulnerability Details
The smart contract is designed to accept any asset which is well-recognized and has chainlink priceFeed as collateral for their stablecoin. But tokens like USDT does not follow standard EIP-20 format and does not return a boolean on trannferFrom function. Calling these functions with the correct EIP20 function signatures will always revert as it is done in the contract. Because of this, when you try to deposit USDT as collateral, the function reverts and users will not be able to deposit into the contract to mint stablecoin.
Impact
The impact is that certain non standard tokens like USDT, will not be able to interact with the smart contract as expected.
Tools Used
VS Code
Manual analysis
Recommendations
There is no need to check for a boolean return value in this case as the function will automatically revert on failure, including in cases where the token is non-standard compliant.
Consider using OpenZeppelin’s SafeERC20 versions with the safeTransfer and safeTransferFrom functions that handle the return value check as well as non-standard-compliant tokens.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.