Summary

While the DSC engine contract is non-upgradable and doesn't allow the addition of supported collateral tokens, it can still be deployed with USDT as a supported collateral token. However, it's crucial to note that in this scenario, attempting to deposit or redeem USDT collateral will consistently result in transaction reverting.

Vulnerability Details

USDT, being a non-standard ERC20 token, lacks the boolean return value upon executing transfer and transferFrom operations. Consequently, the success parameter will never be true, resulting in transaction reverts whenever attempts are made to deposit or redeem USDT collateral.

Impact

Users won't be able to use USDT as a collateral for minting DSC.
While the current deployment is without USDT, the system remains agnostic and can be deployed with USDT as a supported collateral token. This scenario would render the USDT collateral system non-functional, resulting in a broken state.

Tools Used

VSCode

Recommendations

Use OpenZeppelin’s SafeERC20 versions with the safeTransfer and safeTransferFrom functions that handles the return value check as well as non-standard-compliant tokens.