Skip to content

Latest commit

 

History

History
42 lines (20 loc) · 1.1 KB

065.md

File metadata and controls

42 lines (20 loc) · 1.1 KB

Fantastic Pickle Starfish

High

USDT Approval Logic Causes Reversion

Summary

The contracts are designed to support any ERC20 that follows exactly the standard (eg. 18/6 decimals). This means that they should support also USDT. However, the DebitaV3Loan contract will not work with USDT, as it will revert during the extendLoan() and payDebt() functions.

https://github.com/sherlock-audit/2024-11-debita-finance-v3/blob/main/Debita-V3-Contracts/contracts/DebitaV3Loan.sol#L85

Root Cause

A boolean return value is expected when calling the approve() function. However, USDT's implementation of the approve() function does not return a boolean value, which causes the contract to revert during execution. The functions extendLoan() and payDebt() in the contract expect a boolean return value, causing them to revert when interacting with USDT.

Internal pre-conditions

None

External pre-conditions

None

Attack Path

None

Impact

Paying debt and extending the loan will fail due to a revert on USDT approvals

PoC

None

Mitigation

Use safeApprove instead of approve