Some tokens do not implement the ERC20 standard properly but are still accepted by most code that accepts ERC20 tokens. For example Tether (USDT)'s approve() on L1 does not return a boolean as the specification requires, and instead has no return value. When these sorts of tokens are cast to IERC20, their function signatures do not match and therefore the calls made, revert (see this link for a test case). Use OpenZeppelinundefineds SafeERC20's safeApprove() instead
Lines of code
321, 215, 184, 450, 761, 217, 157, 234, 339, 386, 76, 106, 107, 108, 172, 174, 79, 80, 81, 143, 144, 80, 134, 135, 94, 151, 153
Vulnerability details
Some tokens do not implement the ERC20 standard properly but are still accepted by most code that accepts ERC20 tokens. For example Tether (USDT)'s
approve()
on L1 does not return a boolean as the specification requires, and instead has no return value. When these sorts of tokens are cast toIERC20
, their function signatures do not match and therefore the calls made, revert (see this link for a test case). Use OpenZeppelinundefinedsSafeERC20
'ssafeApprove()
insteadAssessed type
other