Liquidity Management

Gamma

DeFiFoundry

50,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

USDT's non-standard approve behavior can cause deposits to fail

anchabadze

Description:

The PerpetualVault contract supports USDT as a collateral token

/**

* @notice

* `collateralToken` can be ETH, WETH, BTC, LINK, UNI, USDC, USDT, DAI, FRAX.

but doesn't account for USDT's non-standard approve/transferFrom implementation:

// In PerpetualVault.sol:

function deposit(uint256 amount) external payable nonReentrant {

// ...

collateralToken.safeTransferFrom(msg.sender, address(this), amount);

// ...

}

USDT has specific requirements:

Requires allowance to exactly match the transfer amount
Requires setting allowance to 0 before setting a new allowance
Will revert if allowance > transfer amount

This behavior is different from standard ERC20 tokens and can lead to failed deposits.

Impact:

Causes failed transactions and wasted gas fees
Affects protocol adoption due to USDT being a major stablecoin

Recommended Mitigation:

Add allowance validation check

Updates

Lead Judging Commences

n0kto Lead Judge 3 months ago

Submission Judgement Published

Invalidated

Reason: Out of scope

n0kto Lead Judge 3 months ago

Submission Judgement Published

Invalidated

Reason: Out of scope

Prize pool breakdown

Total prize

50,000 USDC

nSLOC

1,910

26 USDC / LOC

High Medium

47,500

Low

2,500

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.