20,000 USDC
Submission Details
Severity: high
Valid

Fee-on-transfer/Rebasing tokens not properly accounted for

Summary

The protocol is intended to allow users to lend and borrow any ERC20 token. However, certain ERC20 tokens that implement fee-on-transfer (e.g. PAXG) or rebasing (e.g. stETH) behaviour are incompatible with the protocol.

Vulnerability Details

When transferring tokens from another account to address(this), the amount of tokens received by the contract is not necessarily equal to the amount parameter. This can be the case for:
- fee-on-transfer tokens (e.g. PAXG): a fee is taken out of each transfer from the amount and sent to a predetermined fee recipient, meaning the to address receives fewer tokens
- rebasing tokens (e.g. stETH): user token balances are algorithmically altered automatically, meaning balances change without any action being taken

If it is assumed that a contract's balance of a particular token is equal to the amount parameter used in transferFrom, this assumption can be violated and lead to unexpected issues.

Impact

The Lending contract's balance of certain tokens may be different from what is expected. This can lead to loss of funds due to undercollateralization, unfair liquidations or DoS on core functions.

Tools Used

Manual review

Recommendations

Implement an allowlist for ERC20 tokens, or redesign functions to account for obscure tokens by taking balance snapshots.
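The balance-snapshot approach recommended above, and the accounting mismatch described under Vulnerability Details, are shown together in the following added example. It is illustrative code written for this page, not the audited protocol's code: `DepositExample`, `FeeOnTransferMock`, the 1% fee and the inline `IERC20` interface are all constructed for the demonstration. `depositTrusting` credits the caller with `amount` regardless of what arrived, while `depositSnapshot` credits only the difference between the contract's balance before and after the transfer.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC20 interface, declared inline so the example compiles stand-alone.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical deposit logic (not the protocol's own code) showing the
// vulnerable pattern beside the balance-snapshot fix.
contract DepositExample {
    // token => user => credited balance
    mapping(address => mapping(address => uint256)) public deposits;

    // VULNERABLE: credits `amount` even though a fee-on-transfer token
    // delivers less than `amount` to address(this). Withdrawals of the
    // credited amount would later drain other users' funds or revert.
    function depositTrusting(address token, uint256 amount) external {
        require(IERC20(token).transferFrom(msg.sender, address(this), amount), "transfer failed");
        deposits[token][msg.sender] += amount;
    }

    // HARDENED: snapshot the balance around the transfer and credit only
    // the tokens that actually arrived.
    function depositSnapshot(address token, uint256 amount) external returns (uint256 received) {
        IERC20 t = IERC20(token);
        uint256 before = t.balanceOf(address(this));
        require(t.transferFrom(msg.sender, address(this), amount), "transfer failed");
        received = t.balanceOf(address(this)) - before;
        require(received > 0, "nothing received");
        deposits[token][msg.sender] += received;
    }
}

// Constructed mock of a 1% fee-on-transfer token, used only to exercise the
// two deposit functions above (assumption: a fixed-basis-point fee model).
contract FeeOnTransferMock is IERC20 {
    uint256 public constant FEE_BPS = 100; // 1%
    address public immutable feeRecipient;
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    constructor(address _feeRecipient, uint256 supply) {
        feeRecipient = _feeRecipient;
        balanceOf[msg.sender] = supply;
    }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        _move(msg.sender, to, amount);
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        allowance[from][msg.sender] -= amount; // reverts on insufficient allowance (0.8 checked math)
        _move(from, to, amount);
        return true;
    }

    // The `to` address receives amount minus fee; the fee goes to feeRecipient.
    function _move(address from, address to, uint256 amount) internal {
        uint256 fee = (amount * FEE_BPS) / 10_000;
        balanceOf[from] -= amount;
        balanceOf[to] += amount - fee;
        balanceOf[feeRecipient] += fee;
    }
}
```

Depositing 1,000 mock tokens through `depositTrusting` records a credit of 1,000 while the contract holds only 990; the same deposit through `depositSnapshot` returns and records 990. The snapshot closes the fee-on-transfer gap at deposit time only: a rebasing token's balance keeps drifting after the transfer, so for that class the allowlist recommended above remains the more robust control.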
