20,000 USDC
Submission Details
Severity: medium
Valid

If borrower / lender fee is zero, tokens that revert on zero-value transfer will not work as intended

Summary

Certain ERC20 tokens revert on zero-value transfers (e.g. LEND). If the borrower fee is zero, nobody will be able to borrow, because the transaction will always revert. If the lender fee is zero, functions such as repay, buyloan and giveLoan will not work, because the transaction will always revert when transferring 0 tokens to the feeReceiver.

Vulnerability Details

The protocol intends to support any type of ERC20 token. Some ERC20 tokens revert on zero-value transfers. The owner of the protocol can set the lender/borrower fee, and may set it to zero to attract users to the protocol.

function setLenderFee(uint256 _fee) external onlyOwner {
    if (_fee > 5000) revert FeeTooHigh();
    lenderFee = _fee;
}

function setBorrowerFee(uint256 _fee) external onlyOwner {
    if (_fee > 500) revert FeeTooHigh();
    borrowerFee = _fee;
}

Some ERC20 tokens, like LEND, will revert on a zero-value transfer. If LEND is used as a loan token and the borrower fee is zero, a transfer of zero tokens to the feeReceiver is still attempted. This will break the borrow() function.

// calculate the fees
uint256 fees = (debt * borrowerFee) / 10000;
// transfer fees
IERC20(loan.loanToken).transfer(feeReceiver, fees);
// transfer the loan tokens from the pool to the borrower

Similarly, if lenderFee is zero, then protocolInterest will be zero. A zero-value transfer to the feeReceiver will be attempted, which will break repay().

// transfer the protocol fee to the fee receiver
IERC20(loan.loanToken).transferFrom(
    msg.sender,
    feeReceiver,
    protocolInterest
);

Impact

Tokens that revert on zero-value transfer will not work in the protocol.
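
The failure can be reproduced in isolation with the added example below, which is not the protocol's code: ZeroRevertToken, FeePayer and both function names are hypothetical, and the token models only the revert-on-zero behaviour described above. It also covers a case beyond a zero fee setting, where a non-zero fee rounds down to zero for a small debt.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration; all names here are hypothetical, not the protocol's code.

/// Minimal token modelling the "revert on zero-value transfer" behaviour.
contract ZeroRevertToken {
    mapping(address => uint256) public balanceOf;

    constructor(uint256 supply) {
        balanceOf[msg.sender] = supply;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        require(amount > 0, "zero-value transfer");
        balanceOf[msg.sender] -= amount; // checked arithmetic reverts on underflow
        balanceOf[to] += amount;
        return true;
    }
}

/// Fee payment in the shape quoted from borrow(), unguarded and guarded.
/// The contract must hold tokens for a non-zero fee to be paid out.
contract FeePayer {
    ZeroRevertToken public immutable token;
    address public immutable feeReceiver;
    uint256 public borrowerFee; // basis points, same 10000 denominator as above

    constructor(ZeroRevertToken _token, address _feeReceiver, uint256 _fee) {
        token = _token;
        feeReceiver = _feeReceiver;
        borrowerFee = _fee;
    }

    // Reverts when borrowerFee == 0, and also when debt * borrowerFee < 10000,
    // because integer division rounds the fee down to zero.
    function payFeeUnguarded(uint256 debt) external {
        uint256 fees = (debt * borrowerFee) / 10000;
        token.transfer(feeReceiver, fees);
    }

    // Guards on the computed amount, so both zero cases skip the transfer.
    function payFeeGuarded(uint256 debt) external returns (uint256 fees) {
        fees = (debt * borrowerFee) / 10000;
        if (fees > 0) {
            token.transfer(feeReceiver, fees);
        }
    }
}
```

With borrowerFee set to 50, payFeeUnguarded(100) computes 5000 / 10000 = 0 and reverts, while payFeeGuarded(100) returns 0 without touching the token.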

Tools Used

Manual Review

Recommendations

Handle ERC20 tokens that revert on zero-value transfers: check whether any fee is incurred before transferring it to the fee receiver. For example:

// calculate the fees
uint256 fees = (debt * borrowerFee) / 10000;
// transfer fees
+ if(fees > 0){
IERC20(loan.loanToken).transfer(feeReceiver, fees);
}
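
Review bot: the `fees > 0` guard on the `transfer` to feeReceiver covers only the borrower-fee path; the `transferFrom` of protocolInterest shown earlier needs the same check (`if (protocolInterest > 0)`), as do the other lender-fee paths the summary names. Guarding on the computed amount rather than on borrowerFee is the right choice, since `(debt * borrowerFee) / 10000` also rounds down to zero for small debts with a non-zero fee. The closing brace on the last line is part of the added block but carries no `+` marker.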
