Assuming tokens are compliant with ERC20 could cause transactions to revert unexpectedly

# Handle

shw


# Vulnerability details

## Impact

In the following lines of code, when transferring tokens, it is assumed that the token complies with the standard ERC20 interface (since the OpenZeppelin `IERC20` is used). However, for tokens that do not have a return value of `transfer` or `transferFrom` (e.g., `USDT` and `BNB`) the function calls `transfer` and `transferFrom` reverts due to a return value decoding error.

## Proof of Concept

Referenced code:
[LongShort.sol#L791](https://github.com/code-423n4/2021-08-floatcapital/blob/main/contracts/contracts/LongShort.sol#L791)
[YieldManagerAave.sol#L132](https://github.com/code-423n4/2021-08-floatcapital/blob/main/contracts/contracts/YieldManagerAave.sol#L132)

## Recommended Mitigation Steps

Use the `SafeERC20` library [implementation](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/utils/SafeERC20.sol) from OpenZeppelin, which handles tokens that have no return values of `transfer` and `transferFrom`.



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Assuming tokens are compliant with ERC20 could cause transactions to revert unexpectedly #93

Handle

Vulnerability details

Impact

Proof of Concept

Recommended Mitigation Steps

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Assuming tokens are compliant with ERC20 could cause transactions to revert unexpectedly #93

Description

Handle

Vulnerability details

Impact

Proof of Concept

Recommended Mitigation Steps

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions