TSender
Cyfrin
DeFiFoundry
15,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

USDT does not return a value indicating success or failure

Dots

Summary

USDT does not return a value indicating success or failure.

Vulnerability Details

ERC20 transfer and transferFrom calls normally return true on a succesful transfer. In airdropERC20 these calls

if iszero(call(gas(), tokenAddress, 0, 0x00, 0x64, 0, 0)) {
mstore(0x00, 0xfa10ea06) // cast sig "TSender__TransferFailed()"
revert(0x1c, 0x04)
}
if iszero(call(gas(), tokenAddress, 0, 0x00, 0x44, 0, 0)) {
mstore(0x00, 0xfa10ea06) // cast sig "TSender__TransferFailed()"
revert(0x1c, 0x04)
}

are made. The call function is used here to invoke the token's transfer function, and the return value of this call is checked against zero to determine success or failure. However, since USDT's transfer function does not return a value indicating success or failure, the iszero check will not accurately reflect the outcome of the transfer operation.

Impact

USDT not returning a value could lead to unexpected behaviour

Tools Used

Manual review

Recommendations

It is recommended to use alternative methods, such as the SafeERC20 library, to ensure the reliability of the interactions with the token.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.