Submission Details
Severity: high
Valid

If the collateral is a fee-on-transfer token, repayment will be blocked

Summary

Some tokens deduct a fee on every transfer, so the amount the receiver actually gets is less than the amount sent. If the collateral is this type of token, the amount of collateral recorded in the contract will be bigger than the amount the contract actually holds. When the borrower repays the loan, the contract will not hold enough collateral to cover the withdrawal, causing the transaction to revert.

Vulnerability Details

The deposit() function in Lender.sol receives tokens from the borrower with the amount uint256 collateral = borrows[i].collateral. If the collateral token is a fee-on-transfer token, the actual amount received by Lender.sol is less than borrows[i].collateral. Inside the function, collateral (the uint256 collateral above) is transferred to deposit the token into the contract, and the amount in the function parameter is also collateral, so the transaction may fail, or the deposit to the escrow contract may be made with funds from the CollateralManager protocol.

Impact

The protocol could suffer a loss of funds.

Tools Used

Manual Review

Recommendations

Consider checking the balance of the contract before and after token transfers and using that difference instead of the amount specified in the contract.
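The recommendation above, sketched as an added example that is not code from Lender.sol or from the audited project: CollateralVault, depositNaive, depositMeasured and recorded are hypothetical names used only to show the accounting difference between crediting the requested amount and crediting the measured balance delta.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Minimal ERC-20 surface needed by the example.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical vault (assumption, not Lender.sol): illustrates the accounting only.
contract CollateralVault {
    IERC20 public immutable collateralToken;
    mapping(address => uint256) public recorded; // collateral credited per borrower

    constructor(IERC20 token) {
        collateralToken = token;
    }

    // Before: credits the requested amount. With a fee-on-transfer token the
    // contract holds less than `recorded`, so a later full withdrawal reverts.
    function depositNaive(uint256 amount) external {
        require(collateralToken.transferFrom(msg.sender, address(this), amount), "transfer failed");
        recorded[msg.sender] += amount;
    }

    // After: credits only what actually arrived, measured as a balance delta.
    function depositMeasured(uint256 amount) external returns (uint256 received) {
        uint256 balanceBefore = collateralToken.balanceOf(address(this));
        require(collateralToken.transferFrom(msg.sender, address(this), amount), "transfer failed");
        received = collateralToken.balanceOf(address(this)) - balanceBefore;
        require(received > 0, "nothing received");
        recorded[msg.sender] += received;
    }

    // Repayment path: returns the recorded collateral to the borrower.
    // State is cleared before the external call.
    function withdraw() external {
        uint256 amount = recorded[msg.sender];
        recorded[msg.sender] = 0;
        require(collateralToken.transfer(msg.sender, amount), "transfer failed");
    }
}
```

Tokens that return no value from transfer or transferFrom would revert against this interface; OpenZeppelin's SafeERC20 wrappers handle those.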

Here is a similar finding that was accepted in Sherlock as medium severity:
https://github.com/sherlock-audit/2023-03-teller-judging/issues/91
