Protocol breaks when using Fee-On-Transfer Tokens
Summary
Protocol breaks when using Fee-On-Transfer Tokens. Beedle has stated on their twitter that "any lending pair is possible (so yes you can borrow against HarryPotterObamaSonic10Inu)" meaning that they intend to support Fee-On-Transfer tokens since all the *Inu meme coins are fee-on-transfer.
Vulnerability Details
None of the code where loan & collateral tokens are transferred has logic to handle fee on transfer. For example, consider setting up a pool:
When creating a pool, currentBalance = 0. If loanToken is Fee-On-Transfer, the actual amount received will be less than the input parameter p.poolBalance due to the fee being taken mid-transfer, but pool.poolBalance will be set to the input p.poolBalance instead of the actual pool balance - the pool's state will be corrupted from the beginning. The whole codebase has these issues, this is just one example.
Impact
Protocol will be horribly broken when used with fee-on-transfer meme coins. The mighty wrath of the sh*tcoiners will endlessly rage against Beedle's twitter.
Tools Used
Manual
Recommendations
When receiving loan/collateral tokens into the protocol, subtract contract balance after from contract balance before to get actual amount received and use that to update contract state.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.