Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Cega>Discussion>Using non-ERC20 token standards
GeneralOverview
Findings
High (1)
Medium (4)
Low (2)
Informational (2)
DiscussionCentralization risksUsing non-ERC20 token standardsImpossibility of reentrancy in the queue-processing functions
Threat ModelsWhat are threat models?CegaState.solFCNProduct.solOracle.sol

Using non-ERC20 token standards

Note that - while Cega is intended to be used with ERC20 tokens only - it is possible to use Cega with tokens of other standards that share the same ERC20 function selectors (those that Cega use, at least). However, using non-ERC20 tokens is dangerous because Cega is designed to work with ERC20 tokens only.

For example, it is possible to create an FCNProduct contract configured to use an ERC721 asset. But IERC721.transferFrom triggers a call to the to address's onERC721Received function, potentially enabling reentrancy exploits. An admin may be able to abuse this behavior if a vault were configured with an ERC721 token to reenter into collectFees and drain the vault.

Zellic © 2024Back to top ↑