[NES-261] [N1] [Suggestion] Risks of Token Compatibility

nest/src/ComponentToken.sol

@@ -10,6 +10,9 @@ import { ReentrancyGuardUpgradeable } from "@openzeppelin/contracts-upgradeable/
 import { IAccessControl } from "@openzeppelin/contracts/access/IAccessControl.sol";
 import { IERC4626 } from "@openzeppelin/contracts/interfaces/IERC4626.sol";
 import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
+import { IERC20Metadata } from "@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol";
+
+import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
 import { ERC165 } from "@openzeppelin/contracts/utils/introspection/ERC165.sol";
 import { IERC165 } from "@openzeppelin/contracts/utils/introspection/IERC165.sol";
 
@@ -252,11 +255,8 @@ abstract contract ComponentToken is
             revert Unimplemented();
         }
 
-        if (!IERC20(asset()).transferFrom(owner, address(this), assets)) {
-            revert InsufficientBalance(IERC20(asset()), owner, assets);
-        }
+        SafeERC20.safeTransferFrom(IERC20(asset()), owner, address(this), assets);
         $.pendingDepositRequest[controller] += assets;
-
         emit DepositRequest(controller, owner, REQUEST_ID, owner, assets);
         return REQUEST_ID;
     }
@@ -309,9 +309,7 @@ abstract contract ComponentToken is
             $.claimableDepositRequest[controller] -= assets;
             $.sharesDepositRequest[controller] -= shares;
         } else {
-            if (!IERC20(asset()).transferFrom(controller, address(this), assets)) {
-                revert InsufficientBalance(IERC20(asset()), controller, assets);
-            }
+            SafeERC20.safeTransferFrom(IERC20(asset()), controller, address(this), assets);
             shares = convertToShares(assets);
         }
 
@@ -334,22 +332,21 @@ abstract contract ComponentToken is
         }
 
         ComponentTokenStorage storage $ = _getComponentTokenStorage();
+        assets = convertToAssets(shares);
+
         if ($.asyncDeposit) {
-            // Check shares directly instead of converting to assets
-            if ($.sharesDepositRequest[controller] < shares) {
-                revert InsufficientRequestBalance(controller, shares, 1);
+            if ($.claimableDepositRequest[controller] < assets) {
+                revert InsufficientRequestBalance(controller, assets, 1);
             }
-            // Use the pre-calculated assets amount from when deposit was notified
-            assets = $.claimableDepositRequest[controller];
-            $.claimableDepositRequest[controller] = 0;
-            $.sharesDepositRequest[controller] = 0;
+            $.claimableDepositRequest[controller] -= assets;
+            $.sharesDepositRequest[controller] -= shares;
         } else {
-            assets = previewMint(shares);
-            _deposit(msg.sender, receiver, assets, shares);
+            SafeERC20.safeTransferFrom(IERC20(asset()), controller, address(this), assets);
         }
+
         _mint(receiver, shares);
-        emit Deposit(msg.sender, receiver, assets, shares);
-        return assets;
+
+        emit Deposit(controller, receiver, assets, shares);
     }
 
     /// @inheritdoc IComponentToken
@@ -429,9 +426,7 @@ abstract contract ComponentToken is
             assets = convertToAssets(shares);
         }
 
-        if (!IERC20(asset()).transfer(receiver, assets)) {
-            revert InsufficientBalance(IERC20(asset()), address(this), assets);
-        }
+        SafeERC20.safeTransfer(IERC20(asset()), receiver, assets);
 
         emit Withdraw(controller, receiver, controller, assets, shares);
     }
@@ -442,29 +437,29 @@ abstract contract ComponentToken is
         address receiver,
         address controller
     ) public virtual override(ERC4626Upgradeable, IERC7540) nonReentrant returns (uint256 shares) {
-        if (shares == 0) {
+        if (assets == 0) {
             revert ZeroAmount();
         }
         if (msg.sender != controller) {
             revert Unauthorized(msg.sender, controller);
         }
 
         ComponentTokenStorage storage $ = _getComponentTokenStorage();
+        shares = convertToShares(assets);
+
         if ($.asyncRedeem) {
-            // Use the pre-calculated assets amount from when redeem was notified
-            if ($.assetsRedeemRequest[controller] < assets) {
-                revert InsufficientRequestBalance(controller, assets, 3);
+            if ($.claimableRedeemRequest[controller] < shares) {
+                revert InsufficientRequestBalance(controller, shares, 3);
             }
-            shares = $.claimableRedeemRequest[controller];
-            $.claimableRedeemRequest[controller] = 0;
-            $.assetsRedeemRequest[controller] = 0;
+            $.claimableRedeemRequest[controller] -= shares;
+            $.assetsRedeemRequest[controller] -= assets;
         } else {
-            shares = previewWithdraw(assets);
-            _withdraw(msg.sender, receiver, msg.sender, assets, shares);
+            _burn(controller, shares);
         }
-        _burn(msg.sender, shares);
-        emit Withdraw(msg.sender, receiver, msg.sender, assets, shares);
-        return shares;
+
+        SafeERC20.safeTransfer(IERC20(asset()), receiver, assets);
+
+        emit Withdraw(controller, receiver, controller, assets, shares);
     }
 
     // Getter View Functions
@@ -523,7 +518,7 @@ abstract contract ComponentToken is
         if (_getComponentTokenStorage().asyncDeposit) {
             revert Unimplemented();
         }
-        assets = convertToAssets(shares);
+        assets = super.previewDeposit(shares);
     }
 
     /**
@@ -550,12 +545,12 @@ abstract contract ComponentToken is
         if (_getComponentTokenStorage().asyncRedeem) {
             revert Unimplemented();
         }
-        shares = convertToShares(assets);
+        shares = super.previewWithdraw(assets);
     }
 
     /// @inheritdoc IERC7540
     function setOperator(address, bool) public pure returns (bool) {
         revert Unimplemented();
     }
 
-}
+}