Zero-value ERC-20 token transfers may revert or non-existent `feeReceiver` lead to the inability to transfer fee tokens causing funds to be stuck
Summary
Zero-value ERC-20 token transfers, as well as fee token transfers to the feeReceiver set to address(0) revert in most cases. This cripples the protocol functionality for affected users and may lead to funds being stuck in the contract.
Vulnerability Details
The Lending contract collects fees on borrow amounts as well as accrued interest. Fees are immediately transferred to the feeReceiver address. However, if the number of tokens to be transferred is zero (due to rounding down or simply zero interest accrued given the elapsed time), certain ERC-20 tokens revert for such zero-value transfers (e.g., LEND).
Consequently, this prevents the borrower from repaying the loan, seizing loans, etc. As many such fee token transfers take place in the Lending contract, wide-spread DoS could be possible and cripple the protocol functionality for affected users.
See Weird ERC20 Tokens - Revert on Zero Value Transfers
Following instances of potential zero-value transfers were found:
Moreover, as the feeReceiver can potentially be set to the zero-address due to the missing check in the setFeeReceiver function, fees attempted to be transferred to the non-existent feeReceiver will revert in most cases (e.g., OpenZeppelin's ERC-20 implementation reverts)
Impact
The core functionality of the Lending contract reverts, and funds are stuck in the contract.
Tools Used
Manual Review
Recommendations
Consider checking the token transfer amount to be non-zero before attempting to transfer and ensure the feeReceiver is set to a non-zero address.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.