
003.md


Flat Macaroon Alligator

High

USDT does not return any value on transfer, which means that all transfer and transferFrom operations will fail.

Summary

The protocol uses the USDT token as one of its main tokens, as stated in the README. However, the problem lies in how transfers are implemented for this token. USDT is an unusual token that does not return any value after transferFrom. The protocol checks if the return value is true, which means this condition will fail 100% of the time.

Root Cause

The USDT token implementation does not return a boolean value after a transfer because it does not follow the ERC-20 convention that transfer and transferFrom return a bool. This means that any attempt to check the returned value will result in false.

Instances:

https://github.com/sherlock-audit/2024-11-autonomint/blob/main/Blockchain/Blockchian/contracts/lib/CDSLib.sol#L408-L412

https://github.com/sherlock-audit/2024-11-autonomint/blob/main/Blockchain/Blockchian/contracts/lib/CDSLib.sol#L553-L558

https://github.com/sherlock-audit/2024-11-autonomint/blob/main/Blockchain/Blockchian/contracts/lib/CDSLib.sol#L408-L413

Internal pre-conditions

Any USDT transfer made by using transferFrom/transfer.

External pre-conditions

No response

Attack Path

No response

Impact

All instances where plain transfer or transferFrom are used for USDT will fail, blocking execution every time USDT is transferred.

PoC

No response

Mitigation

Use OpenZeppelin's safeTransfer implementation instead.
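
The checked-return pattern described above next to the SafeERC20 form of the mitigation, as an added example that is not code from the audited repository. The contract name `DepositExample`, its functions and the `deposits` mapping are hypothetical; only the OpenZeppelin `IERC20` and `SafeERC20` imports are real library code.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical contract for illustration only; not the protocol's CDSLib code.
contract DepositExample {
    using SafeERC20 for IERC20;

    IERC20 public immutable usdt;               // token address supplied at deployment
    mapping(address => uint256) public deposits; // per-user balance held by this contract

    constructor(IERC20 _usdt) {
        usdt = _usdt;
    }

    // Pattern from the finding: the interface declares `returns (bool)`,
    // so the caller expects 32 bytes of return data. A token that returns
    // nothing (USDT) cannot satisfy this check, and the deposit never succeeds.
    function depositChecked(uint256 amount) external {
        bool ok = usdt.transferFrom(msg.sender, address(this), amount);
        require(ok, "transferFrom failed");
        deposits[msg.sender] += amount;
    }

    // Mitigation: SafeERC20 performs a low-level call, reverts if the call
    // fails, accepts empty return data, and only decodes and checks a bool
    // when the token actually returned one.
    function depositSafe(uint256 amount) external {
        usdt.safeTransferFrom(msg.sender, address(this), amount);
        deposits[msg.sender] += amount;
    }

    // Outbound transfers need the same treatment: safeTransfer instead of
    // a checked transfer().
    function withdrawSafe(uint256 amount) external {
        deposits[msg.sender] -= amount; // reverts on underflow in 0.8.x
        usdt.safeTransfer(msg.sender, amount);
    }
}
```

A fork test against the deployed USDT contract, exercising both `depositChecked` and `depositSafe`, confirms the difference and guards against the checked pattern being reintroduced.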