Submission Details
Severity: medium
Valid

# Protocol is incompatible with fee-on-transfer tokens

## Summary

If fee-on-transfer tokens (for example USDT, whose contract can switch a transfer fee on) are used as collateral, the protocol will lose funds.

## Vulnerability Details

Some tokens deduct a fee inside their `transfer` and `transferFrom` functions, so the recipient receives less than the amount passed in. The protocol does not account for this. Consider the scenario where a user deposits a fee-on-transfer token:

```solidity
function depositCollateral(address tokenCollateralAddress, uint256 amountCollateral)
    public
    moreThanZero(amountCollateral)
    isAllowedToken(tokenCollateralAddress)
    nonReentrant
{
    s_collateralDeposited[msg.sender][tokenCollateralAddress] += amountCollateral;
```

As we can see, `s_collateralDeposited` is increased by the full `amountCollateral`, but because the token takes a fee on transfer, the amount actually received by the contract is less than `amountCollateral`. When the user later redeems their collateral they can withdraw more than they actually deposited (as long as the protocol holds enough balance), and they can also mint more DSC than their real collateral supports.

For example, assume the token takes a 10% transfer fee and consider what can go wrong:

1. A user deposits 1000 USD worth of the token and is able to mint 500 USD worth of DSC. The contract, however, actually holds only 900 USD worth of collateral, so the protocol loses its promised overcollateralization and, in extreme cases, can lose its peg.

2. User1 deposits 1000 USD worth of the token and the contract receives 900 USD worth of collateral; User2 deposits 1000 USD worth of the token and the contract receives 900 USD worth of collateral. The contract now holds 1800 USD worth of tokens. User1 calls `redeemCollateral` and the contract sends User1 1000 USD worth of collateral. Only 800 USD worth of tokens remain in the contract, and User2 has lost part of their funds.

## Impact

Users will lose funds, and the protocol will lose its promised overcollateralization and can also lose its peg as a result. Because users' funds are directly at risk, I consider this high.

## Tools Used

Manual Review

## Recommendations

Measure the contract's token balance before and after the call to `transfer()`/`transferFrom()`, and credit the user with the difference between the two rather than the amount stated in the call. Keep the `nonReentrant` guard in place so that a token with transfer hooks cannot re-enter between the two balance reads.
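As an added illustration (not the protocol's own code), here is a minimal collateral vault that applies the recommendation: it records only the balance the contract actually received. The contract, error and event names are made up for this example; it assumes OpenZeppelin's `IERC20` and `SafeERC20` and uses a hand-rolled reentrancy lock so no further imports are needed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Hypothetical vault demonstrating fee-on-transfer-safe accounting.
contract FeeAwareCollateralVault {
    using SafeERC20 for IERC20;

    error Vault__ZeroAmount();
    error Vault__NothingReceived();
    error Vault__Reentrancy();

    // user => token => collateral credited (in tokens actually received)
    mapping(address => mapping(address => uint256)) public s_collateralDeposited;

    event CollateralDeposited(address indexed user, address indexed token, uint256 amountCredited);

    // Minimal reentrancy lock: a token with transfer hooks must not be able to
    // re-enter between the two balanceOf reads and skew the measured difference.
    uint256 private _locked = 1;
    modifier nonReentrant() {
        if (_locked == 2) revert Vault__Reentrancy();
        _locked = 2;
        _;
        _locked = 1;
    }

    /// Credits the caller with the tokens the vault really received, so a
    /// 10% fee-on-transfer token deposited as 1000 is recorded as 900.
    function depositCollateral(address token, uint256 amount) external nonReentrant {
        if (amount == 0) revert Vault__ZeroAmount();

        uint256 balanceBefore = IERC20(token).balanceOf(address(this));
        IERC20(token).safeTransferFrom(msg.sender, address(this), amount); // reverts on false/no return
        uint256 received = IERC20(token).balanceOf(address(this)) - balanceBefore;

        if (received == 0) revert Vault__NothingReceived();
        s_collateralDeposited[msg.sender][token] += received;
        emit CollateralDeposited(msg.sender, token, received);
    }
}
```

With this accounting, the redeem path and any collateral-based minting limit operate on `received`, so the vault never promises more than it holds.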
