TVT-02: Potential Incompatibility w/ Underlying Token

Question

TVT-02: Potential Incompatibility w/ Underlying Token

Closed this issue 4 years ago · 0 comments

https://github.com/ampleforth/ampl-bridge-solidity/blob/954d0d20de14a4a7641f1592a33410dd16059a2c/contracts/base-chain/TokenVault.sol#L95

https://github.com/ampleforth/ampl-bridge-solidity/blob/954d0d20de14a4a7641f1592a33410dd16059a2c/contracts/base-chain/TokenVault.sol#L110

Description:

The vault is meant to be utilized with the Ampleforth main-chain currency on Ethereum which currently conforms to the ERC-20 standard properly, however, this may not always be the case.

Recommendation:

As the main chain Ampleforth implementation utilizes the proxy pattern, it is possible that an upgrade of the protocol will no longer be fully compliant with the ERC-20 standard causing the strict require checks utilized in the vault to fail and thus preventing any type of cross-chain transfer from occuring again. Although the likelihood of this scenario is low, it is still a plausible scenario as the same ERC-20 incompatibility is observed in the Tether stablecoin and has caused significant issues in the past.

It is more optimal to utilize the SafeERC20 OpenZeppelin library implementation for conducting ERC-20 transfers as it is fully compatible with all types of ERC-20 tokens and will also allow the Ampleforth codebase to be utilized by other projects.