Lines of code
https://github.com/code-423n4/2023-11-kelp/blob/main/src/LRTDepositPool.sol#L136
Vulnerability details
Impact
The ERC20 standard allows the transfer functions of some token contracts to return a bool, while others return nothing. Some tokens, such as USDT, return nothing. This can result in rsETH being minted without collateral. Using safeTransferFrom from SafeERC20.sol is recommended instead.
Proof of Concept
https://github.com/OpenZeppelin/openzeppelin-contracts/blob/4a9cc8b4918ef3736229a5cc5a310bdc17bf759f/contracts/token/ERC20/utils/SafeERC20.sol
Tools Used
Manual review
Recommended Mitigation Steps
Use safeTransferFrom from SafeERC20.sol instead of calling transferFrom directly.
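The following added illustration is not the Kelp LRTDepositPool code or the finding's PoC; it shows the two patterns side by side in hypothetical UnsafeDepositPool and SafeDepositPool contracts, assuming OpenZeppelin's IERC20 and SafeERC20 at their standard import paths.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Hypothetical pool showing the weak pattern: the result of transferFrom
/// is never inspected before the depositor is credited.
contract UnsafeDepositPool {
    mapping(address depositor => mapping(address asset => uint256)) public deposits;

    function deposit(address asset, uint256 amount) external {
        // A token that signals failure by returning false (instead of
        // reverting) leaves this call "successful" with no collateral moved.
        // A token that returns nothing (USDT-style) cannot be decoded as a
        // bool through the standard IERC20 interface, so deposits of such
        // assets fail outright; neither behaviour is what the pool wants.
        IERC20(asset).transferFrom(msg.sender, address(this), amount);
        deposits[msg.sender][asset] += amount; // credited regardless of outcome
    }
}

/// Hypothetical pool using the recommended SafeERC20 wrapper.
contract SafeDepositPool {
    using SafeERC20 for IERC20;

    mapping(address depositor => mapping(address asset => uint256)) public deposits;

    function deposit(address asset, uint256 amount) external {
        // safeTransferFrom performs a low-level call and then:
        //  - reverts if the target has no code,
        //  - reverts if the token returned false,
        //  - accepts either `true` or empty return data as success,
        // so both bool-returning and nothing-returning tokens are handled,
        // and a silent failure can no longer mint against missing collateral.
        IERC20(asset).safeTransferFrom(msg.sender, address(this), amount);
        deposits[msg.sender][asset] += amount;
    }
}
```

Pairing the transfer with a balance-before/after check is a further hardening step for fee-on-transfer tokens, but the SafeERC20 wrapper alone closes the return-value gap described above.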
Assessed type
Token-Transfer