Description

Certain tokens, such as USDT, do not correctly implement the EIP-20 standard. Their transfer and transferFrom functions return void instead of a successful boolean. Consequently, calling these functions with the expected EIP-20 function signatures will always result in a revert.

The documentation states that only the listed collateral tokens are supported. However, if the protocol were to later support these nonstandard tokens, it could lead to issues with certain function calls that rely on transfer/transferFrom returning a boolean value.

Impact

Nonstandard collateral tokens might not work as intended.

Recommendations

Consider using OpenZeppelin’s↗ safeTransferFrom()/safeTransfer() method instead of transferFrom()/transfer(). This will ensure that the transfers are handled safely and prevent any unexpected reverts related to nonstandard tokens.

Remediation

This issue has been acknowledged by Prisma Finance, and a fix was implemented in commit 039cc86a↗.