Protocol use IERC20Metadata.approve for USDT as collateralToken, this will cause the _registerCollateralToken function to always fail on mainnet
Summary
Protocol use IERC20Metadata.approve for USDT as collateralToken, this will cause the _registerCollateralToken function to always fail on mainnet .
Vulnerability Details
Based on contest README, protocol will use USDT and USDC.
During the collateral token registration process, IERC20Metadata.approve is used as below:
It is known that IERC20Metadata.approve forces its output to be boolean but USDT on mainnet does not have a boolean as return value. This will be a problem because by forcing USDT on mainnet to have a boolean as return value, the _registerCollateralToken function will always revert.
NOTE
This issue is different from the issue found by lightchaser.
Lightchaser's findings only describe the problem of checking the return value of the approve function but this function explains that USDT on the mainnet is not compatible at all with IERC20Metadata.approve causing the function to always revert.
Impact
USDT tokens cannot be used for collateral tokens because they cannot be registered due to the _registerCollateralToken function always reverting.
Tools Used
Manual Review
Recommended Mitigation
Consider using safeIncreaseAllowance
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.