Assessment reports>Points Farm>Informational findings>ERC-20 approve function reverts on nonstandard token
Category: Coding Mistakes

ERC-20 approve function reverts on nonstandard token

Informational Severity
Informational Impact
N/A Likelihood

Description

As explained in Finding ref, the function _migrate is called in order to update user balance and approve the migrator contract to transfer the user's token. For ERC20 tokens, the approve function must return a bool value. If not, the contract call to approve reverts. Thus, the migration may not work for non-ERC20 tokens like USDT.

Impact

According to the documentation, a user should be able to restake USDT. However, USDT does not adhere to the ERC20 token standard. The USDT approve function does not return anything. Since the contract is expecting a boolean value but, for USDT, does not get anything, then the contract reverts, preventing the user from migrating their USDT. However, no funds would be locked, and the users can withdraw their funds whenever they want.

Recommendations

The contract should use the function forceApprove from SafeERC20, which was created specially to handle those cases of ERC20 and nonstandard tokens.

Remediation

This bug was reported by Level during the preaudit phase. Level will disable the migrate functionality and ask users to withdraw USDT and convert them to lvlUSD tokens by other means.

Zellic © 2025Back to top ↑