40,000 USDC
Submission Details
Severity: medium
Valid

Rebase tokens

Summary

Rebase tokens may result in a dispute never being resolved.

Vulnerability Details

Some rebase tokens can adjust the amount of tokens held by addresses. E.g. if a user had 100 tokens, a rebase could result in the user now having 200 or 50 tokens.
The following if check will always fail if the token balance is reduced by a rebase:
    uint256 tokenBalance = i_tokenContract.balanceOf(address(this));
    uint256 totalFee = buyerAward + i_arbiterFee; // Reverts on overflow
    if (totalFee > tokenBalance) {
        revert Escrow__TotalFeeExceedsBalance(tokenBalance, totalFee);
    }

It is possible arbiterFee was initially set up on the understanding that there are x tokens and that buyerAward would be in range y.
However, if the balance is now x - a, tokenBalance can be less than totalFee, so the function always reverts unless the arbiter understands the impact of the rebase that occurred.

Impact

  1. The dispute may never be resolved, as the function may always revert if buyerAward is not adjusted down.
    However, this can be solved by reducing the buyerAward: since the token is rebased, even if the amount is reduced its anticipated value is still the same after the rebase.
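
The check and the impact above, modelled in Python as an added example (not the Escrow contract's code or the submitter's): the share-based `RebasingToken`, the 100/90/10 amounts and the helper names are constructed, and the arbiter fee is assumed to be fixed at deployment. It also covers a case that follows from the same check, where the balance falls below the fee and even a zero buyerAward reverts.

```python
# Added model, not the Escrow contract's code. Amounts are whole token units.
class TotalFeeExceedsBalance(Exception):
    """Stands in for the Escrow__TotalFeeExceedsBalance revert."""

class RebasingToken:
    """Constructed rebasing token: balance = shares * index / SCALE."""
    SCALE = 10**18

    def __init__(self):
        self.index = self.SCALE
        self.shares = {}

    def mint(self, holder, amount):
        self.shares[holder] = self.shares.get(holder, 0) + amount * self.SCALE // self.index

    def balance_of(self, holder):
        return self.shares.get(holder, 0) * self.index // self.SCALE

    def rebase(self, num, den):
        # Every holder's balance is multiplied by num/den; no transfer happens.
        self.index = self.index * num // den

def resolve_dispute(token, escrow, buyer_award, arbiter_fee):
    """Mirror of the check quoted above; returns what is left after both payouts."""
    token_balance = token.balance_of(escrow)
    total_fee = buyer_award + arbiter_fee
    if total_fee > token_balance:
        raise TotalFeeExceedsBalance(token_balance, total_fee)
    return token_balance - total_fee

def max_buyer_award(token, escrow, arbiter_fee):
    """Largest buyerAward that passes the check, or None if even 0 reverts."""
    headroom = token.balance_of(escrow) - arbiter_fee
    return headroom if headroom >= 0 else None

def reverts(token, escrow, buyer_award, arbiter_fee):
    try:
        resolve_dispute(token, escrow, buyer_award, arbiter_fee)
        return False
    except TotalFeeExceedsBalance:
        return True

def scenario():
    token, escrow, fee = RebasingToken(), "escrow", 10   # constructed values
    token.mint(escrow, 100)                               # x = 100 at setup
    before = reverts(token, escrow, 90, fee)              # intended award y = 90
    token.rebase(1, 2)                                    # negative rebase: 100 -> 50
    after = [reverts(token, escrow, a, fee) for a in (90, 45, 40)]
    cap = max_buyer_award(token, escrow, fee)
    token.rebase(1, 10)                                   # 50 -> 5, below the fee
    return before, after, cap, max_buyer_award(token, escrow, fee), reverts(token, escrow, 0, fee)
```

In this model, scaling the award by the rebase ratio (90 to 45) still reverts because the fee is not rebased; the award has to drop to the balance minus the fee.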

Tools Used

Manual Analysis

Recommendations

It is recommended that these risks are made clear. It is recommended that these tokens are not allowed. It is recommended to use a whitelist of safe tokens.
