Algo Ssstablecoinsss

AI First Flight #2
Beginner Friendly, DeFi
Submission Details
Impact: medium
Likelihood: low
Invalid

No-return-value ERC20 (USDT-style) collateral makes every deposit/redeem revert, bricking that collateral entirely

No-return-value ERC20 tokens (USDT-style) make every deposit and redeem revert, bricking the engine for those collaterals

Description

Both transfer paths assign the result of the external call to a bool and assert it, which requires the token to return a boolean.

# dsc_engine.vy:227-230 (_deposit_collateral)
success: bool = extcall IERC20(token_collateral_address).transferFrom(
    msg.sender, self, amount_collateral  # @> expects bool return
)
assert success, "DSCEngine_TransferFailed"

# dsc_engine.vy:253-256 (_redeem_collateral)
success: bool = extcall IERC20(token_collateral_address).transfer(_to, amount_collateral)
assert success, "DSCEngine_TransferFailed"

USDT and several other major tokens do not return a value from transfer/transferFrom. With the strict IERC20 ABI, Vyper's ABI decoder reverts when the return data is empty, so any deposit or redeem of such a token reverts.

Risk

Likelihood:
Low. Depends on a non-compliant token (USDT/BNB-era) being chosen as one of the two collaterals; the constructor allows it.

Impact:
Medium. Collateral that uses a no-return ERC20 cannot be deposited or withdrawn at all — funds already in the contract (if seeded) would be permanently locked, and the collateral type is unusable. It is a denial-of-service rather than a direct theft.

Proof of Concept

Register a USDT-like mock (no return value) and attempt a deposit.

# usdt_mock.transferFrom moves tokens but returns nothing
engine.deposit_collateral(usdt_mock, 1000 * 10**6) # reverts in ABI decode of empty return

Recommended Mitigation

Use a safe-transfer helper that tolerates missing return data (snekmate safe_transfer / safe_transfer_from).
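
The return-data handling claimed under Description and the tolerant check a safe-transfer helper performs, modelled side by side in Python. This is an added example, not code from the submission, the contest code base or snekmate; the function names, the Revert class and the sample return data are constructed, and the EVM call is reduced to a success flag plus the returned bytes.

```python
# Added illustration: a plain-Python model of ERC20 return-data handling.

class Revert(Exception):
    """Stands in for an EVM revert."""

def decode_bool(returndata: bytes) -> bool:
    """ABI-decode a bool: needs a full 32-byte word whose value is 0 or 1."""
    if len(returndata) < 32:
        raise Revert("return data too short for bool")
    word = int.from_bytes(returndata[:32], "big")
    if word > 1:
        raise Revert("invalid bool encoding")
    return word == 1

def strict_transfer(call_ok: bool, returndata: bytes) -> None:
    """Pattern from the finding: decode a bool, then assert it."""
    if not call_ok:
        raise Revert("token call reverted")
    if not decode_bool(returndata):
        raise Revert("DSCEngine_TransferFailed")

def safe_transfer(call_ok: bool, returndata: bytes, has_code: bool = True) -> None:
    """Tolerant check: empty return data is success if the call itself succeeded."""
    if not call_ok:
        raise Revert("token call reverted")
    if len(returndata) == 0:
        # No return value: only trust it when the target is a contract,
        # because a call to an address without code also succeeds with no data.
        if not has_code:
            raise Revert("target is not a contract")
        return
    if not decode_bool(returndata):
        raise Revert("safe transfer: token returned false")

def outcome(fn, *args) -> str:
    try:
        fn(*args)
        return "ok"
    except Revert as exc:
        return f"revert: {exc}"

# Constructed return data for three token behaviours.
TRUE_WORD = (1).to_bytes(32, "big")    # compliant token, returns true
FALSE_WORD = (0).to_bytes(32, "big")   # token that signals failure with false
NO_DATA = b""                          # USDT-style token, returns nothing

if __name__ == "__main__":
    for name, data in [("true", TRUE_WORD), ("false", FALSE_WORD), ("empty", NO_DATA)]:
        print(name, outcome(strict_transfer, True, data), outcome(safe_transfer, True, data), sep=" | ")
```

The tolerant check still rejects a token that returns false and a target without code, so it does not turn failed transfers into successes.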

- success: bool = extcall IERC20(token_collateral_address).transferFrom(msg.sender, self, amount_collateral)
- assert success, "DSCEngine_TransferFailed"
+ # snekmate erc20 safe-transfer tolerates non-bool-returning tokens
+ extcall self._safe_transfer_from(token_collateral_address, msg.sender, self, amount_collateral)
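Review bot: The added line `extcall self._safe_transfer_from(...)` puts `extcall` in front of a `self.` call; `extcall` marks a call to another contract, so an internal helper should be invoked as `self._safe_transfer_from(token_collateral_address, msg.sender, self, amount_collateral)`. The hunk also does not show where `_safe_transfer_from` is defined or imported, and it touches only the `transferFrom` in the deposit path; the `transfer` call in `_redeem_collateral` quoted in the Description needs the same change, otherwise redeeming a no-return token would still revert.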
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 5 hours ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
