Closed code423n4 closed 1 year ago
GalloDaSballo marked the issue as duplicate of #198
GalloDaSballo marked the issue as not a duplicate
GalloDaSballo marked the issue as duplicate of #352
GalloDaSballo marked the issue as unsatisfactory: Out of scope
Lines of code
https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/Trading.sol#L651
Vulnerability details
Impact
Proof of Concept
Tokens like USDT are known for using a non-standard ERC20 implementation (missing boolean return value on transfer).
The contract function _handleDeposit will always revert when it tries to call transferFrom on this kind of token.
Tools Used
manual review
Recommended Mitigation Steps
We recommend using OpenZeppelin's SafeERC20 instead of IERC20 transferFrom. This accepts ERC20 tokens with no boolean return, like USDT.