Category: Coding Mistakes
Deposit is not compatible with noncompliant ERC20s
Severity: Informational
Impact: Informational
Likelihood: N/A
Description
When depositWithERC20 is called to deposit an ERC-20 token, transferFrom is called like this:
bool sent = IERC20(_token).transferFrom(msg.sender, address(this), _amount);
require(sent, "erc20 transfer failed");
However, some noncompliant ERC-20 tokens, such as USDT, do not return a boolean. So, on success, sent will be interpreted as false and the contract will not support it.
Impact
The Liquifier does not support some noncompliant ERC-20 tokens for direct deposit.
Recommendations
We recommend using a wrapper such as SafeERC20 so that noncompliant ERC-20 tokens that do not return a boolean are safely handled.
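The following is an added example, not the Liquifier's code and not the SafeERC20 implementation: a minimal sketch of the kind of check such a wrapper performs, accepting either a returned true or empty return data. The names IERC20Minimal, SafeTransferSketch and DepositSketch are hypothetical, and a 0.8.x compiler is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal interface, used only to obtain the transferFrom selector.
interface IERC20Minimal {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical library sketching the tolerant transfer check.
library SafeTransferSketch {
    /// Pulls `amount` of `token` from `from` to `to`.
    /// Works for compliant tokens (return true) and for tokens that return no data.
    function safeTransferFrom(address token, address from, address to, uint256 amount) internal {
        // A low-level call to an address without code succeeds with empty
        // return data, so empty data is only acceptable when code exists.
        require(token.code.length > 0, "token is not a contract");

        // Low-level call: the return data is not ABI-decoded automatically.
        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSelector(IERC20Minimal.transferFrom.selector, from, to, amount)
        );

        // The token reverted: the transfer failed.
        require(ok, "erc20 transfer reverted");

        // No return data (noncompliant token): a non-reverting call is treated as success.
        // Return data present (compliant token): it must decode to true.
        require(ret.length == 0 || abi.decode(ret, (bool)), "erc20 transfer failed");
    }
}

// Hypothetical deposit contract using the sketch in place of the direct call.
contract DepositSketch {
    using SafeTransferSketch for address;

    function depositWithERC20(address _token, uint256 _amount) external {
        // Replaces: bool sent = IERC20(_token).transferFrom(...); require(sent, ...);
        _token.safeTransferFrom(msg.sender, address(this), _amount);
    }
}
```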
Remediation
This issue has been acknowledged by Gadze Finance SEZC, and a fix was implemented in commit 21ebc30e.