20,000 USDC
Submission Details
Severity: high
Valid

The protocol does not support fee-on-transfer ERC20 tokens

Summary

The protocol does not support fee-on-transfer ERC20 tokens: every transfer() and transferFrom() call site in Lender.sol assumes the full requested amount moved, so tokens that deduct a fee on transfer leave the contract's accounting out of step with its real balance.

Vulnerability Details

The following call sites in Lender.sol move tokens with transfer()/transferFrom() and credit or debit the nominal amount rather than the amount actually received (line numbers refer to Lender.sol):

152: IERC20(p.loanToken).transferFrom(
159: IERC20(p.loanToken).transfer(
187: IERC20(pools[poolId].loanToken).transferFrom(
203: IERC20(pools[poolId].loanToken).transfer(msg.sender, amount);
267: IERC20(loan.loanToken).transfer(feeReceiver, fees);
269: IERC20(loan.loanToken).transfer(msg.sender, debt - fees);
271: IERC20(loan.collateralToken).transferFrom(
317: IERC20(loan.loanToken).transferFrom(
323: IERC20(loan.loanToken).transferFrom(
329: IERC20(loan.collateralToken).transfer(
403: IERC20(loan.loanToken).transfer(feeReceiver, protocolInterest);
505: IERC20(loan.loanToken).transfer(feeReceiver, protocolInterest);
563: IERC20(loan.collateralToken).transfer(feeReceiver, govFee);
565: IERC20(loan.collateralToken).transfer(
642: IERC20(loan.loanToken).transferFrom(
651: IERC20(loan.loanToken).transfer(feeReceiver, fee);
653: IERC20(loan.loanToken).transfer(msg.sender, debt - debtToPay - fee);
656: IERC20(loan.loanToken).transfer(feeReceiver, protocolInterest);
663: IERC20(loan.collateralToken).transferFrom(
670: IERC20(loan.collateralToken).transfer(

Impact

Some ERC20 implementations (fee-on-transfer tokens) deduct a fee from every transfer, so the recipient receives less than the amount passed to transfer() or transferFrom(). At each of the transferFrom() call sites above Lender.sol records the requested amount, so the balances it tracks for loan tokens and collateral tokens exceed what the contract actually holds. Every later transfer() out of the contract still pays the nominal amount, so the shortfall is shifted onto other lenders and borrowers, and the last withdrawals or repayments in such a token revert for lack of balance. For collateral the borrower is credited with more than was received, so the loan is less collateralised than the protocol believes.

Tools Used

Visual Studio Code

Recommendations

Add support for fee-on-transfer ERC20 tokens, or exclude them explicitly. When pulling tokens in with transferFrom(), read the contract's balance before the call, transfer, and use the difference (balance after minus balance before) as the amount received; base all subsequent accounting on that figure rather than on the requested amount. Outgoing transfer() calls need no adjustment, since the contract sends the nominal amount and the token's fee is borne by the recipient. Alternatively, restrict pools to a whitelist of tokens known not to charge a transfer fee.
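The balance-before/after pattern recommended above, as an added example that is not part of the original submission or of the Lender.sol code base. The pool contract, its function names and the 1% fee token are all hypothetical and constructed for illustration; the example assumes OpenZeppelin Contracts v5 (where ERC20 exposes `_update` as its transfer hook) and compiles with Solidity 0.8.20 or later.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumes OpenZeppelin Contracts v5 import paths.
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

/// Constructed test token (not a real one): burns a 1% fee on every
/// transfer, so the recipient receives 99% of the requested amount.
contract FeeOnTransferToken is ERC20 {
    uint256 public constant FEE_BPS = 100;

    constructor() ERC20("FeeToken", "FEE") {
        _mint(msg.sender, 1_000_000e18);
    }

    function _update(address from, address to, uint256 value) internal override {
        // Mints (from == 0) and burns (to == 0) are fee-free; real transfers pay the fee.
        if (from != address(0) && to != address(0)) {
            uint256 fee = (value * FEE_BPS) / 10_000;
            super._update(from, address(0), fee); // burn the fee
            value -= fee;
        }
        super._update(from, to, value);
    }
}

/// Hypothetical pool contract showing the vulnerable and hardened deposit
/// patterns side by side. It is not Lender.sol; it only mirrors the
/// "pull in, record, pay out" shape of the call sites listed above.
contract FeeAwarePool is ReentrancyGuard {
    using SafeERC20 for IERC20;

    // token => depositor => credited balance
    mapping(address => mapping(address => uint256)) public balances;

    /// Vulnerable pattern: credits the requested amount, which a
    /// fee-on-transfer token never fully delivers, so recorded balances
    /// drift above the tokens the contract actually holds.
    function depositNaive(address token, uint256 amount) external nonReentrant {
        IERC20(token).safeTransferFrom(msg.sender, address(this), amount);
        balances[token][msg.sender] += amount;
    }

    /// Hardened pattern: measure what actually arrived and credit only that.
    function deposit(address token, uint256 amount)
        external
        nonReentrant
        returns (uint256 received)
    {
        IERC20 t = IERC20(token);
        uint256 before = t.balanceOf(address(this));
        t.safeTransferFrom(msg.sender, address(this), amount);
        received = t.balanceOf(address(this)) - before;
        require(received > 0, "nothing received");
        balances[token][msg.sender] += received;
    }

    /// Paying out needs no adjustment: the contract sends the nominal
    /// amount and the token's fee, if any, comes out of what the
    /// recipient receives.
    function withdraw(address token, uint256 amount) external nonReentrant {
        balances[token][msg.sender] -= amount; // checked arithmetic reverts on overdraw
        IERC20(token).safeTransfer(msg.sender, amount);
    }
}
```

To reproduce the accounting drift, deploy FeeOnTransferToken, have two accounts approve the pool and each call depositNaive with 100e18: both are credited 100e18 while the pool holds 198e18, so the second account's withdraw of 100e18 reverts once the first has withdrawn. With deposit() each account is credited 99e18 and both withdrawals succeed. The nonReentrant guard matters for the balance-delta pattern because tokens with transfer hooks (ERC777-style) can re-enter between the two balanceOf reads; the pattern also does not cover rebasing tokens, whose balances change without any transfer.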
