Submission Details
Severity: medium
Valid

Unsafe usage of ERC20 transfer and transferFrom.

Summary

Some ERC20 tokens have transfer and transferFrom functions that do not return a boolean; USDT, BNB and OMG are examples. USDT's transfer and transferFrom in particular return no value at all, so code that expects a bool from them does not behave as written.

Vulnerability Details

function _redeemCollateral(address from, address to, address tokenCollateralAddress, uint256 amountCollateral)
    private
{
    s_collateralDeposited[from][tokenCollateralAddress] -= amountCollateral;
    emit CollateralRedeemed(from, to, tokenCollateralAddress, amountCollateral);
    // Assumes every collateral token's transfer() returns a bool; non-returning tokens break this assumption
    bool success = IERC20(tokenCollateralAddress).transfer(to, amountCollateral);
    if (!success) {
        revert DSCEngine__TransferFailed();
    }
}

Impact

In the protocol, there are places where a call to transfer may fail without the transaction reverting. This could potentially lead to the depletion of the protocol's funds.

Tools Used

Manual review

Recommendations

Use safeTransfer (and safeTransferFrom) from OpenZeppelin's SafeERC20 library instead of calling transfer and transferFrom directly. SafeERC20 wraps the call in a low-level call and checks the return data, so it reverts both when a token returns false and when the underlying call fails, while accepting tokens that return nothing.
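As an added illustration (not part of this submission or the DSCEngine code), the redeem function rewritten with a safe-transfer helper that behaves like OpenZeppelin's SafeERC20.safeTransfer; the contract name, the IERC20Minimal interface and the _safeTransfer helper are my own, and the production choice is simply to import SafeERC20 as shown in the comment.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Minimal interface used only to build the calldata selector; the declared return
// type does not matter because the return data is decoded manually below.
interface IERC20Minimal {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract SafeRedeemExample {
    error DSCEngine__TransferFailed();
    event CollateralRedeemed(address indexed from, address indexed to, address token, uint256 amount);

    mapping(address => mapping(address => uint256)) private s_collateralDeposited;

    // Hardened redeem: same bookkeeping as the original, but the token transfer goes
    // through _safeTransfer, which tolerates non-returning tokens (USDT, BNB, OMG) and
    // still reverts on a `false` return or on a revert inside the token.
    // Production equivalent:
    //   import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
    //   using SafeERC20 for IERC20;
    //   IERC20(tokenCollateralAddress).safeTransfer(to, amountCollateral);
    function _redeemCollateral(address from, address to, address tokenCollateralAddress, uint256 amountCollateral)
        internal
    {
        s_collateralDeposited[from][tokenCollateralAddress] -= amountCollateral;
        emit CollateralRedeemed(from, to, tokenCollateralAddress, amountCollateral);
        _safeTransfer(tokenCollateralAddress, to, amountCollateral);
    }

    // Mirrors what SafeERC20.safeTransfer does: low-level call, treat a failed call as
    // failure, treat "no return data" as success, and treat a returned `false` as failure.
    function _safeTransfer(address token, address to, uint256 amount) internal {
        (bool ok, bytes memory data) =
            token.call(abi.encodeWithSelector(IERC20Minimal.transfer.selector, to, amount));
        // The token itself reverted (or ran out of gas): propagate as a failure.
        if (!ok) revert DSCEngine__TransferFailed();
        // A compliant token must return true; a non-returning token yields empty data and is accepted.
        if (data.length != 0 && !abi.decode(data, (bool))) revert DSCEngine__TransferFailed();
        // call() to an address with no code succeeds with empty data; do not mistake that for a transfer.
        if (data.length == 0 && token.code.length == 0) revert DSCEngine__TransferFailed();
    }
}
```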
