Submission Details
Severity: high
Valid

Fee-on-transfer or deflationary ERC20 tokens are not taken into account when calculating poolBalance, which can lead to loss of funds.

Summary

The balance of the pool (pool.poolBalance) is set without accounting for fee-on-transfer or deflationary tokens, so it can hold a wrong value. Because many functions use this value in their calculations, the wrong balance causes unintended behaviour.

Vulnerability Details

setPool(Pool calldata p) -> this function stores the pool exactly as supplied (pools[poolId] = p;). If the ERC20 token has a fee-on-transfer mechanism, the stored poolBalance is wrong, because the fee is not accounted for.

The same issue exists in addToPool(bytes32 poolId, uint256 amount) -> this function updates the pool balance with _updatePoolBalance(poolId, pools[poolId].poolBalance + amount). This credits the full amount even though a fee-on-transfer token delivers less than amount to the contract, so the recorded balance drifts above the real one.

Impact

Users can take more debt than the pool's real balance, which leads to loss of funds.
borrow(Borrow[] calldata borrows) -> this function checks the balance before lending (if (debt > pool.poolBalance) revert LoanTooLarge();). Since pool.poolBalance can be larger than the contract's actual ERC20 balance for that pool, users can take more debt than intended, which can drain the contract's balance of the token.

Tools Used

Manual review

Recommendations

Either whitelist specific ERC20 tokens for use in the protocol, or account for fee-on-transfer and deflationary tokens when calculating pool.poolBalance.
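The drift described under Vulnerability Details and the second recommendation, as an added example that is not the audited protocol's code: a constructed fee-on-transfer token, a pool that credits the caller-supplied amount like addToPool, and a hardened pool that credits only the balance delta it actually received. Class and function names are assumptions for illustration.

```python
# Added example, not the audited protocol's code: a model ERC20 token that takes a fee
# on every transfer, a pool that credits the caller-supplied amount (the reported bug),
# and a hardened pool that credits the measured balance delta. Names are assumptions.

class FeeOnTransferToken:
    """Constructed token that burns fee_bps basis points of each transfer."""
    def __init__(self, fee_bps: int) -> None:
        self.fee_bps = fee_bps
        self.balances = {}

    def mint(self, to: str, amount: int) -> None:
        self.balances[to] = self.balance_of(to) + amount

    def balance_of(self, who: str) -> int:
        return self.balances.get(who, 0)

    def transfer_from(self, sender: str, to: str, amount: int) -> None:
        if self.balance_of(sender) < amount:
            raise ValueError("insufficient balance")
        fee = amount * self.fee_bps // 10_000
        self.balances[sender] -= amount
        self.balances[to] = self.balance_of(to) + amount - fee  # recipient gets less

class Pool:
    """Mirrors the finding: poolBalance += amount, ignoring the transfer fee."""
    def __init__(self, token: FeeOnTransferToken, addr: str = "pool") -> None:
        self.token, self.addr, self.pool_balance = token, addr, 0

    def add_to_pool(self, lender: str, amount: int) -> None:
        self.token.transfer_from(lender, self.addr, amount)
        self.pool_balance += amount  # credits more than actually arrived

    def loan_too_large(self, debt: int) -> bool:
        """The borrow() check: revert only when debt exceeds the bookkept balance."""
        return debt > self.pool_balance

class SafePool(Pool):
    """Hardened variant: credit only what the balance delta shows was received."""
    def add_to_pool(self, lender: str, amount: int) -> None:
        before = self.token.balance_of(self.addr)
        self.token.transfer_from(lender, self.addr, amount)
        self.pool_balance += self.token.balance_of(self.addr) - before

def overstatement(pool_cls: type, fee_bps: int = 100, deposit: int = 10_000) -> int:
    """poolBalance minus the real token balance after one deposit (0 when correct)."""
    token = FeeOnTransferToken(fee_bps)
    token.mint("lender", deposit)
    pool = pool_cls(token)
    pool.add_to_pool("lender", deposit)
    return pool.pool_balance - token.balance_of(pool.addr)
```

With a 1% fee and a 10,000 deposit, the vulnerable pool records 10,000 while holding 9,900, so a 10,000 loan passes the LoanTooLarge check even though the tokens are not there.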
