Non-standard ERC20 tokens might revert during `transfer` in `LiquidationPool.claimRewards()`.
Summary
In contrast to the rest of the codebase, the LiquidationPool.claimRewards() function does not use safeTransfer for token transfers. This could pose an issue if non-standard tokens such as USDT are accepted within the protocol.
Vulnerability Details
Given that the remaining sections of the codebase utilize OpenZeppelin's safeTransfer, it is expected that this contract may interact with non-standard ERC20 tokens. These tokens might exhibit behavior where they return false instead of reverting, or they may not return any bool value at all (as is the case with USDT). Consequently, it is advisable to use safeTransfer in this function as well, otherwise those non-standard tokens will revert when being claimed as rewards.
Impact
If non-standard ERC20 tokens like USDT are used, the LiquidationPool.claimRewards() function will consistently revert when attempting to transfer rewards for these tokens. This situation would render it impossible for users to claim their rewards.
Tools Used
Manual Review.
Recommended Mitigation
Consider using Openzeppelin's safeTranfer instead of transfer.
Lead Judging Commences
unchecked-transfer
informational/invalid
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.