Submission Details
Severity: high
Valid

No fee-on-transfer handling for ERC20s

Summary

No fee-on-transfer handling for ERC20s

Vulnerability Details

Some ERC20 implementations use fee-on-transfer logic, which in practice means the recipient receives x% fewer tokens than the sender sent. The current implementation credits the full transferred amount to the pool without checking how much actually arrived, so the protocol or lenders could receive less profit than expected.

Recommendations

I am not aware of any legitimate uses of fee-on-transfer tokens, so I would suggest not supporting them. However, you do not allow tokens to get locked in the system. So when tokens are first added to the system, verify that the balance changed by the expected amount following the transfer so that fee-on-transfer tokens cannot enter. For example, compare the balance before and after this transfer (https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Lender.sol#L187) and revert if the pool balance is not pools[poolId].poolBalance + amount.
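The balance-delta check described above, as an added example that is not code from the Beedle repository: the pool struct, the `addToPool*` function names and the custom error are assumptions made for illustration, and the unchecked variant is shown beside the checked one only to make the difference visible.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Simplified, hypothetical pool ledger (not the Beedle Lender contract).
/// Struct and function names are assumptions for illustration only.
contract PoolLedgerExample {
    using SafeERC20 for IERC20;

    struct Pool {
        address loanToken;
        uint256 poolBalance;
    }

    mapping(bytes32 => Pool) public pools;

    error FeeOnTransferNotSupported(uint256 expected, uint256 received);

    /// Vulnerable pattern: credits `amount` to the ledger regardless of what
    /// actually arrived. With a fee-on-transfer token the ledger overstates
    /// the pool, so later withdrawals are effectively paid from other users' funds.
    function addToPoolUnchecked(bytes32 poolId, uint256 amount) external {
        Pool storage pool = pools[poolId];
        IERC20(pool.loanToken).safeTransferFrom(msg.sender, address(this), amount);
        pool.poolBalance += amount;
    }

    /// Hardened pattern: measure this contract's token balance before and after
    /// the transfer and revert unless exactly `amount` arrived, so a
    /// fee-on-transfer token cannot enter the system in the first place.
    function addToPoolChecked(bytes32 poolId, uint256 amount) external {
        Pool storage pool = pools[poolId];
        IERC20 token = IERC20(pool.loanToken);

        uint256 before = token.balanceOf(address(this));
        token.safeTransferFrom(msg.sender, address(this), amount);
        uint256 received = token.balanceOf(address(this)) - before;

        if (received != amount) {
            revert FeeOnTransferNotSupported(amount, received);
        }
        pool.poolBalance += amount;
    }
}
```

A balance-delta check only catches tokens that take a fee on the transfer itself; tokens whose balances change between calls (rebasing tokens) need separate handling.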
