15,000 USDC
Submission Details
Severity: medium
Valid

Protocol may DoS if an incompatible ERC20 token is used as collateral token

Summary

The protocol does not consider incompatible ERC20 tokens as collateral tokens.

Vulnerability Details

Some tokens that are incompatible with ERC20 (like USDT) return void instead of bool. The protocol also needs to determine whether the transfer succeeded under such conditions. But the protocol only considers standard ERC20 tokens and ignores incompatible ones, which will cause a protocol DoS.

There are two places where this occurs, one in _redeemCollateral and one in the depositCollateral function. If the collateral token is incompatible with ERC20, like USDT, the return value will be void instead of a bool, which will cause a protocol DoS.

Impact

The protocol will DoS when the collateral token is incompatible with ERC20.

Tools Used

vscode, Manual Review

Recommendations

Use OpenZeppelin’s SafeERC20 with IERC20; its safeTransfer and safeTransferFrom functions handle the return value check as well as non-standard-compliant tokens.
