Open hats-bug-reporter[bot] opened 9 months ago
Thank you for the submission.
This functionality has not been changed by us; it is inherited from Algebra and other implementations. OOS
https://github.com/Uniswap/v3-periphery/blob/697c2474757ea89fec12a4e6db16a574fe259610/contracts/V3Migrator.sol#L42
https://github.com/cryptoalgebra/Algebra/blob/3de26266efcec1fffa7ef3cc021a9f60b5a0d645/src/periphery/contracts/V3Migrator.sol#L44
Github username: @0xRizwan
Twitter username: 0xRizwann
Submission hash (on-chain): 0xdfd9fffdafad75f6908e98a6fff668823e47f44341113d86ff2e00f07debfdf9
Severity: medium
Description: Vulnerability details
In V3Migrator.migrate(),
The issue here is the use of the unsafe transferFrom() function, and it concerns the non-standard behavior of USDT and similar weird tokens.
The ERC20.transferFrom() function returns a boolean value indicating success. This value needs to be checked for success. Per EIP20, the transfer() function is given below:
Therefore, tokens like USDT don't correctly implement the EIP20 standard, and their transferFrom() function returns void instead of a success boolean. Calling these functions with the correct EIP20 function signatures will always revert, as USDT transfers do not revert if the transfer failed.
Tokens that don't actually perform the transfer and return false are still counted as a correct transfer, and tokens that don't correctly implement the latest EIP20 spec, like USDT, will be unusable in the protocol, as they revert the transaction because of the missing return value.
Impact
Tokens that don't actually perform the transfer and return false are still counted as a correct transfer, and tokens that don't correctly implement the latest EIP20 spec will be unusable in the protocol, as they revert the transaction because of the missing return value.
Recommendation
Use the safeTransferFrom() function from OpenZeppelin's SafeERC20.sol, which handles the return value check as well as non-standard-compliant tokens.
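The two failure modes the submission describes, and the hardening it recommends, side by side. This is an added example and is not code from the submission, from the Hats report, or from the Uniswap/Algebra V3Migrator: the mock tokens (`NoReturnToken`, `FalseReturnToken`) are constructed to model USDT-style and false-returning tokens, and the `pull` contracts are a hypothetical stand-in for the migrator's pull of tokens from the caller. `SafePull` writes out inline the same check that OpenZeppelin's `SafeERC20.safeTransferFrom` performs.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// The EIP-20 signature (returns bool), which is how the migrator calls the token.
interface IERC20 {
    function transferFrom(address from, address to, uint256 value) external returns (bool);
}

// Constructed mock (not USDT itself): moves balances but returns no value,
// so the call's return data is empty.
contract NoReturnToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    constructor(address holder) { balanceOf[holder] = 1_000_000; }

    function approve(address spender, uint256 value) external {
        allowance[msg.sender][spender] = value;
    }

    function transferFrom(address from, address to, uint256 value) external {
        allowance[from][msg.sender] -= value; // checked arithmetic: underflow reverts
        balanceOf[from] -= value;
        balanceOf[to] += value;
    }
}

// Constructed mock: signals failure with `return false` and moves nothing.
contract FalseReturnToken {
    function transferFrom(address, address, uint256) external pure returns (bool) {
        return false;
    }
}

// The pattern the submission objects to (hypothetical `pull`, not the migrator's code):
// the bool is discarded, so a FalseReturnToken deposit is recorded as successful.
// With NoReturnToken the call reverts anyway, because the compiler still ABI-decodes
// the empty return data against the `returns (bool)` signature.
contract UnsafePull {
    function pull(address token, uint256 amount) external {
        IERC20(token).transferFrom(msg.sender, address(this), amount);
    }
}

// Naive hardening: checking the bool catches FalseReturnToken, but
// NoReturnToken still reverts during return-data decoding, so USDT-like
// tokens remain unusable.
contract RequirePull {
    function pull(address token, uint256 amount) external {
        bool ok = IERC20(token).transferFrom(msg.sender, address(this), amount);
        require(ok, "RequirePull: transferFrom returned false");
    }
}

// Hardened: the check OpenZeppelin's SafeERC20.safeTransferFrom performs, inline.
// A low-level call bypasses the decoder; empty return data (USDT style) counts as
// success, non-empty data must decode to `true`, and an address with no code is
// rejected so that a bare call() to an EOA cannot pass as a successful transfer.
contract SafePull {
    function pull(address token, uint256 amount) external {
        require(token.code.length > 0, "SafePull: token is not a contract");
        (bool ok, bytes memory data) = token.call(
            abi.encodeCall(IERC20.transferFrom, (msg.sender, address(this), amount))
        );
        require(
            ok && (data.length == 0 || abi.decode(data, (bool))),
            "SafePull: transferFrom failed"
        );
    }
}
```

To exercise it, deploy `NoReturnToken` with your account as `holder`, approve each `pull` contract, and call `pull`: `UnsafePull` and `RequirePull` revert on `NoReturnToken`, while `SafePull` moves the balance. Against `FalseReturnToken`, `UnsafePull` returns normally although nothing was transferred, and both `RequirePull` and `SafePull` revert. In production code, `using SafeERC20 for IERC20;` followed by `IERC20(token).safeTransferFrom(...)` gives the `SafePull` behaviour without hand-rolling the call.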