Token transfer' does not handle case if the tokens support fee-on-transfer
Summary
Some tokens take a transfer fee (e.g. STA, PAXG), some do not currently charge a fee but may do so in the future (e.g. USDT, USDC).
Vulnerability Details
While transfer of loan token, In the current implementation, it is assumed that the received amount is the same as the transfer amount. However, due to how fee-on-transfer tokens work, much less will be received than what was transferred.
IERC20(p.loanToken).transferFrom(
p.lender,
address(this),
p.poolBalance - currentBalance
);
Impact
The impact of such implementation will be on borrow() since the pool balance will be less than the expected which can lead to failure of borrow()
Tools Used
manual reveiw
Recommendations
In order to obtain the actual amount received by the contract, track the balance of
tokens before and after the transfer of tokens. For example, in the contract test, we recommend
implementing the following steps:
function _transfer(uint256 amount) public returns(uint256){
uint256 balanceBefore = IERC20(token).balanceOf(address(this));
IERC20Token(token).SafetransferFrom(msg.sender, address(this),amount);
uint256 balanceAfter = IERC20(token).balanceOf(address(this));
require(balanceAfter >= balanceBefore);
return balanceAfter - balanceBefore;
}
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.