The TokenHandler.safeTransferOut function uses the standard IERC20 function for the transfer call and proceeds with a checkReturnCode function to handle non-standard compliant tokens that don't return a return value.
However, this does not work as calling token.transfer(account, amount) already reverts if the token does not return a return value, as token's IERC20.transfer is defined to always return a boolean.
Impact
When using any non-standard compliant token like USDT, the function will revert.
Deposits for these tokens are broken, which is bad as USDT is a valid underlying for the cUSDT cToken.
Recommended Mitigation Steps
We recommend using OpenZeppelin’s SafeERC20 versions with the safeApprove function that handles the return value check as well as non-standard-compliant tokens.
Handle
cmichel
Vulnerability details
Vulnerability Details
The
TokenHandler.safeTransferOutfunction uses the standardIERC20function for the transfer call and proceeds with acheckReturnCodefunction to handle non-standard compliant tokens that don't return a return value. However, this does not work as callingtoken.transfer(account, amount)already reverts if the token does not return a return value, astoken'sIERC20.transferis defined to always return aboolean.Impact
When using any non-standard compliant token like USDT, the function will revert. Deposits for these tokens are broken, which is bad as
USDTis a valid underlying for thecUSDTcToken.Recommended Mitigation Steps
We recommend using OpenZeppelin’s
SafeERC20versions with thesafeApprovefunction that handles the return value check as well as non-standard-compliant tokens.