15,000 USDC
View results
Submission Details
Severity: medium
Valid

ERC20 tokens with no return value will fail to transfer

Summary

  • Many non-compilant ERC20 tokens with no return value will fail to transfer.

Vulnerability Details

  • The ERC20 standard recommends that a successful token transfer should return true.

  • However, numerous tokens, including prominent ones like USDT, do not comply with this recommendation and do not return true on success.

  • As a consequence, when using the transfer() function, it will revert even if the transfer is successful since Solidity checks whether the size of the returned data matches the ERC20 interface.

Impact

ERC20 tokens with no return value will fail to transfer

Tools Used

Manual review

Recommendations

Consider using OpenZeppelin’s SafeERC20

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.