Tadle

DeFi

30,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

DoS In Rescuable.sol In A Certain Condition

nave765

Summary

Contract like CapitalPool.sol, DeliveryPlace.sol, PreMarkets.sol, SystemConfig.sol, and TokenManager.sol inherits Rescuable.sol. While erc20 like a USDT not returning a boolean for transfer and transferFrom function, this will lead to DoS for various function like TokenManager::tillIn , TokenManager::withdraw, TokenManager::rescue, etc.

Vulnerability Details

Unlike standard ERC20 tokens, which return a boolean value upon executing transfer and transferFrom operations and revert the transaction in case of failure, USDT lacks this important feature.

USDT's transfer and transferFrom functions do not return a boolean value. Instead, they simply calculate the fee and update the main state for transferring tokens without providing any return value.

bytes4 private constant TRANSFER_SELECTOR = bytes4(keccak256(bytes("transfer(address,uint256)")));

bytes4 private constant TRANSFER_FROM_SELECTOR = bytes4(keccak256(bytes("transferFrom(address,address,uint256)")));

function _safe_transfer(address token, address to, uint256 amount) internal {

@> (bool success, ) = token.call(

abi.encodeWithSelector(TRANSFER_SELECTOR, to, amount)

);

@> if (!success) {

revert TransferFailed();

}

function _safe_transfer_from(address token, address from, address to,uint256 amount) internal {

@> (bool success, ) = token.call(

abi.encodeWithSelector(TRANSFER_FROM_SELECTOR, from, to, amount)

);

@> if (!success) {

revert TransferFailed();

}

The problem is this will make the function revert because it creates bool success as returned value but nothing is returned because the USDT transfer mechanism.

Therefore the next check to ensure success return truthy value will not be used and useless in this case.

Impact

DoS for function which inherits Rescuable::_safe_transfer and Rescuable::_safe_transfer_from function.

Tools Used

Manual Review

Recommendations

Consider using safeTransfer and safeTransferFrom from SafeERC20 library by Openzeppelin to tackle this issue.

Updates

Lead Judging Commences

0xnevi Lead Judge 10 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Assigned finding tags:

[invalid] finding-weird-erc-20-return-boolean-Rescuable

I believe the issues and duplicates do not warrant low severity severity as even if the call to transfers returns false instead of reverting, there is no impact as it is arguably correct given there will be insufficient funds to perform a rescue/withdrawal. This will not affect `tillIn()` as there are explicit balance [checks that revert accordingly](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/TokenManager.sol#L255-L260) to prevent allowing creation of offers without posting the necessary collateral

Prize pool breakdown

Total prize

30,000 USDC

nSLOC

1,229

24 USDC / LOC

High Medium

25,000 USDC

Low

2,750 USDC

Judges

2,250 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.