Submission Details
Severity: high
Valid

Handling of ERC20 Transfer Fees Vulnerability in Contract

Summary

Some ERC20 tokens charge a transaction fee on every transfer (used to encourage staking, add to a liquidity pool, pay a fee to the contract owner, etc.). Sometimes this is harmless, but in the cases listed here it is not: the contract transfers X tokens and then records the same X as if exactly that amount had arrived, when in fact less arrived because of the fee. This leads to wrong values and computations.

Any upgradeable ERC20 contract can add a fee on transfer at any time, so this is a significant risk.

Vulnerability Details

Transferring ERC20 tokens that charge a fee on transfer without accounting for the fee leads to incorrect values and computations.

Impact

Miscalculations in contract logic, potential financial discrepancies, and incorrect state management. Since the state variables store exactly the amount passed as a parameter, the fee is not accounted for, and the recorded balance will be larger than the amount the user actually deposited.

Tools Used

Manual Review

Recommendations

Implement logic to account for potential transfer fees in ERC20 tokens, or restrict usage to known tokens without transfer fees.

A good approach is to check the actual token balance right after the transfer, before storing the value in a state variable, instead of using the amount from the parameters.
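The recommendation above as an added example, not code from the audited contract: a hypothetical vault (names `Vault`, `deposits`, `depositUnsafe`, `depositSafe` are assumed) that credits the parameter amount next to one that credits only the measured balance difference.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Illustrative vault (hypothetical; not the audited contract).
contract Vault {
    using SafeERC20 for IERC20;

    IERC20 public immutable token;
    mapping(address => uint256) public deposits;

    constructor(IERC20 _token) {
        token = _token;
    }

    /// Vulnerable pattern: credits the caller with `amount`, but a
    /// fee-on-transfer token delivers less than `amount`, so the recorded
    /// balance exceeds what the vault actually holds.
    function depositUnsafe(uint256 amount) external {
        token.safeTransferFrom(msg.sender, address(this), amount);
        deposits[msg.sender] += amount;
    }

    /// Hardened pattern: measures the vault's balance before and after the
    /// transfer and credits only the amount that actually arrived.
    function depositSafe(uint256 amount) external returns (uint256 received) {
        uint256 before = token.balanceOf(address(this));
        token.safeTransferFrom(msg.sender, address(this), amount);
        received = token.balanceOf(address(this)) - before;
        deposits[msg.sender] += received;
    }

    /// Withdrawals against the recorded balance stay solvent only when the
    /// deposit was credited with the received amount, not the parameter.
    function withdraw(uint256 amount) external {
        deposits[msg.sender] -= amount; // reverts on underflow in 0.8.x
        token.safeTransfer(msg.sender, amount);
    }
}
```

With tokens that invoke hooks during a transfer (ERC777-style), guard the before/after measurement with a reentrancy lock, since a callback during the transfer could change the balance being read.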
