The protocol does not consider ERC20-incompatible tokens as collateral tokens.
Some tokens that are incompatible with ERC20 (like USDT) return void instead of bool. The protocol also needs to guarantee that it can tell whether the transfer succeeded under such conditions. But the protocol only considers standard ERC20 tokens and ignores the incompatible ones, which will cause a protocol DoS.
There are two implementations of this, one in the _redeemCollateral function and one in the depositCollateral function. If the collateral token is incompatible with ERC20, like USDT, the return value will be void instead of a bool, which will cause a protocol DoS.
The protocol will suffer a DoS when the collateral token is incompatible with ERC20.
vscode, Manual Review
Use OpenZeppelin's SafeERC20 with IERC20, and its safeTransfer and safeTransferFrom functions, which handle the return value check as well as non-standard-compliant tokens.
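The sketch below is an added example, not the audited protocol's code. It puts the failing pattern beside the SafeERC20 form. The contract name CollateralVault, the deposited mapping and the function names are hypothetical; only the OpenZeppelin imports and the safeTransfer / safeTransferFrom calls are real library API.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical vault used only to illustrate the finding.
contract CollateralVault {
    using SafeERC20 for IERC20;

    error TransferFailed();

    // user => token => amount held as collateral (illustrative bookkeeping)
    mapping(address => mapping(address => uint256)) public deposited;

    // Before: IERC20.transferFrom is declared as returning bool, so the
    // compiler ABI-decodes 32 bytes of return data. A token whose
    // transferFrom returns nothing (USDT-style) makes that decode revert,
    // so every deposit of such a token fails even though the token itself
    // would have moved the funds.
    function depositUnchecked(address token, uint256 amount) external {
        deposited[msg.sender][token] += amount;
        bool ok = IERC20(token).transferFrom(msg.sender, address(this), amount);
        if (!ok) revert TransferFailed();
    }

    // After: safeTransferFrom performs a low-level call and treats the
    // transfer as successful when the call succeeds and the return data is
    // either empty or decodes to true. It reverts on a false return value.
    function deposit(address token, uint256 amount) external {
        deposited[msg.sender][token] += amount;
        IERC20(token).safeTransferFrom(msg.sender, address(this), amount);
    }

    // Same fix on the redeem path, using safeTransfer for the outgoing leg.
    function redeem(address token, uint256 amount) external {
        deposited[msg.sender][token] -= amount; // checked arithmetic reverts on underflow
        IERC20(token).safeTransfer(msg.sender, amount);
    }
}
```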