Foundry DeFi Stablecoin CodeHawks Audit Contest

Cyfrin

DeFiFoundry

15,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

Protocol may dos if incompatibile ERC20 token as collateral token

pks271

Summary

Protocol dont consider incompatibile ERC20 tokens as collateral token.

Vulnerability Details

Some tokens is incompatible with ERC20(like USDT) will return void instead of bool. Protocol alse need to guarantee the transfer result is successful or not under such conditions. But protocol only consider the standard ERC20 token and ignore the incompatible tokens, which will cause protocol dos.

There are two implements for this, one in _redeemCollateral and one in depositCollateral function. If the collateral token is incompatible with ERC20 like USDT, the return value will be void instead bool type and will cause protocol dos.

Impact

Protocol will dos when the collateral token is incompatible with ERC20.

Tools Used

vscode, Manual Review

Recommendations

Use OpenZeppelin’s SafeERC20 as IERC20, safeTransfer and safeTransferFrom functions that handle the return value check as well as non-standard-compliant tokens.

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

236

64 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.