Unhandled return value of collateral transfer
Description
Certain tokens, such as USDT, do not correctly implement the EIP-20 standard. Their transfer
and transferFrom
functions return void instead of a successful boolean. Consequently, calling these functions with the expected EIP-20 function signatures will always result in a revert.
The documentation states that only the listed collateral tokens are supported. However, if the protocol were to later support these nonstandard tokens, it could lead to issues with certain function calls that rely on transfer
/transferFrom
returning a boolean value.
Impact
Nonstandard collateral tokens might not work as intended.
Recommendations
Consider using OpenZeppelin’s↗ safeTransferFrom()/safeTransfer()
method instead of transferFrom()/transfer()
. This will ensure that the transfers are handled safely and prevent any unexpected reverts related to nonstandard tokens.
Remediation
This issue has been acknowledged by Prisma Finance, and a fix was implemented in commit 039cc86a↗.