Platform: Code4rena
Start Date: 22/09/2022
Pot Size: $30,000 USDC
Total HM: 12
Participants: 133
Period: 3 days
Judge: 0xean
Total Solo HM: 2
Id: 165
League: ETH
Rank: 129/133
Findings: 1
Award: $12.49
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Lambda
Also found by: 0x1f8b, 0x5rings, 0xSky, 0xSmartContract, 8olidity, Chom, CodingNameKiki, IllIllI, Ruhum, Sm4rty, brgltd, hansfriese, m9800, magu, pashov, pedroais, peritoflores, prasantgupta52, rokinot, seyni
12.4859 USDC - $12.49
USDT tokens can't be recovered
The most used stablecoin (by market cap), USDT, doesn't comply with the current ERC20 standard (it's a prior version of the standard) and doesn't return true on success.
From Tether's official docs: "Note: The integration path is the same as any ERC20 compatible token with the following exception: Tether’s current USD₮ ERC20 contract is based on a slightly older standard that does not return a boolean value in the transfer function. Developers and Integrators deploying their own custom contracts should take care and use the SafeERC20 library which is designed to handle both the old and new standards." https://tether.to/es/supported-protocols
The require statement will make the execution revert when calling the function with USDT.
The OpenZeppelin safeTransfer function should be used instead of requiring a true value from the transfer.
#0 - FortisFortuna
2022-09-25T21:35:21Z
Not really medium risk. Technically you could use safeTransfer, but if someone were to accidentally send something to this contract, it would most likely be either ETH, FRAX, frxETH, or sfrxETH, all of which are transfer compliant.
#1 - joestakey
2022-09-26T16:02:27Z
Duplicate of #18