Moonwell

DeFiFoundry
15,000 USDC
Submission Details
Severity: low
Invalid

Not every ERC20 returns `true` on success, so the check in `repayBadDebtWithCash` can break when the underlying ERC20 does not return a bool on success or failure, as is the case with USDT.

Vulnerability Details

The protocol may use USDT as an underlying token. Whenever a function such as `transferFrom` is called on the USDT contract, it does not return `true` on success, which breaks the logic of `repayBadDebtWithCash` in `MErc20DelegateFixer.sol`.

src/MErc20DelegateFixer.sol#L30-L40

```solidity
function repayBadDebtWithCash(uint256 amount) external nonReentrant {
    /// Checks and Effects
    badDebt = SafeMath.sub(badDebt, amount, "amount exceeds bad debt");
    EIP20Interface token = EIP20Interface(underlying);
    /// Interactions
    require(
        // @> transferFrom is assumed to return a bool
        token.transferFrom(msg.sender, address(this), amount),
        "transfer in failed"
    );
    // ... remainder of the function is not shown in the submission
}
```

Impact

If the `underlying` storage variable holds the USDT contract address, `transferFrom` will not return `true` on success, breaking the logic of `repayBadDebtWithCash`.

Tools Used

Manual Review

Recommended Mitigation

Use OpenZeppelin's SafeERC20 library and call its `safeTransferFrom` instead of `transferFrom`. Because it uses a low-level call to the ERC20 contract, it handles both tokens that return a bool and tokens that return nothing and simply revert on failure.
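As an added example covering both the vulnerability described above and the recommended mitigation (this is not Moonwell's code, nor part of the submission), the following Foundry test contrasts the `require(token.transferFrom(...))` pattern with the SafeERC20 version against a constructed USDT-style token that returns no value. It assumes OpenZeppelin contracts and forge-std are installed under their usual import paths; the token, the two repay contracts, the bad-debt amounts and the payer address are all constructed for the demonstration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {Test} from "forge-std/Test.sol";

/// Constructed stand-in for a USDT-style token: transferFrom returns nothing on
/// success and reverts on failure (mainnet USDT likewise omits the bool).
contract NoReturnToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }

    function approve(address spender, uint256 amount) external {
        allowance[msg.sender][spender] = amount;
    }

    function transferFrom(address from, address to, uint256 amount) external {
        require(allowance[from][msg.sender] >= amount, "insufficient allowance");
        require(balanceOf[from] >= amount, "insufficient balance");
        allowance[from][msg.sender] -= amount;
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        // deliberately no `return true`
    }
}

/// The standard ERC20 shape the vulnerable code relies on.
interface IBoolERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// Vulnerable pattern: the ABI decoder expects 32 bytes for the declared bool and
/// reverts when the token returns none, so repayment is impossible with this token.
contract RepayVulnerable {
    uint256 public badDebt;
    address public immutable underlying;

    constructor(address _underlying, uint256 _badDebt) { underlying = _underlying; badDebt = _badDebt; }

    function repayBadDebtWithCash(uint256 amount) external {
        require(amount <= badDebt, "amount exceeds bad debt");
        badDebt -= amount;
        require(IBoolERC20(underlying).transferFrom(msg.sender, address(this), amount), "transfer in failed");
    }
}

/// Hardened pattern: SafeERC20 issues a low-level call and accepts either empty
/// return data or a returned true, reverting only on failure or false.
contract RepayHardened {
    using SafeERC20 for IERC20;

    uint256 public badDebt;
    address public immutable underlying;

    constructor(address _underlying, uint256 _badDebt) { underlying = _underlying; badDebt = _badDebt; }

    function repayBadDebtWithCash(uint256 amount) external {
        require(amount <= badDebt, "amount exceeds bad debt");
        badDebt -= amount;
        IERC20(underlying).safeTransferFrom(msg.sender, address(this), amount);
    }
}

/// Foundry test exercising both contracts against the no-return token.
contract RepayBadDebtTest is Test {
    NoReturnToken token;
    RepayVulnerable vulnerable;
    RepayHardened hardened;
    address payer = address(0xBEEF); // constructed address

    function setUp() public {
        token = new NoReturnToken();
        vulnerable = new RepayVulnerable(address(token), 100e6);
        hardened = new RepayHardened(address(token), 100e6);
        token.mint(payer, 1_000e6);
        vm.startPrank(payer);
        token.approve(address(vulnerable), type(uint256).max);
        token.approve(address(hardened), type(uint256).max);
        vm.stopPrank();
    }

    function testVulnerableRevertsWithNoReturnToken() public {
        vm.prank(payer);
        vm.expectRevert(); // revert originates from decoding the missing bool
        vulnerable.repayBadDebtWithCash(40e6);
    }

    function testHardenedAcceptsNoReturnToken() public {
        vm.prank(payer);
        hardened.repayBadDebtWithCash(40e6);
        assertEq(hardened.badDebt(), 60e6);
        assertEq(token.balanceOf(address(hardened)), 40e6);
    }
}
```

Run it with `forge test`. The first test shows the practical impact: with a no-return token the repayment path reverts every time, so the bad debt cannot be cleared. The second shows that `safeTransferFrom` succeeds and updates state, and it would equally accept a token that returns `true`, which is why the library is the idiomatic fix rather than dropping the `require`.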

Updates

Lead Judging Commences

0xnevi Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
