The Standard
The Standard
DeFiHardhat
20,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

When accepted token is USDT or upgradable token, vault are not able to liquidation

greatlake

Summary

Porotocol uses a normal IERC20 interface and a normal approve() function call. Since approve() function of USDT doesn't return a boolean as expected by the interface, this would leave the contract unusable.

Vulnerability Details

If collateral token is USDT, vault will be failed to liquidation as intended since the LiquidationPoolManager#runLiquidation() function will fail.

            if (erc20balance > 0) {
                assets[i] = ILiquidationPoolManager.Asset(token, erc20balance);
                ierc20.approve(pool, erc20balance);  // <----
            }

USDT approve signature: function approve(address spender, uint value) public;

OpenZeppelin ERC20 approve signature: function approve(address spender, uint256 value) external returns (bool);

Impact

Vault will be failed to liquidated.

Tools Used

Manual review

Recommendations

Add support for USDT by importing another interface with approve() function that don't return values.

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

informational/invalid

greatlake Submitter
over 1 year ago
hrishibhat Lead Judge
over 1 year ago
hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

informational/invalid

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.