When transferring tokens from another account to address(this), the amount of tokens received by the contract is not necessarily equal to the amount parameter. This can be the case for:
- fee-on-transfer tokens (e.g. PAXG): a fee is taken out of each transfer from the amount and sent to a predetermined fee recipient, meaning the to address receives fewer tokens
- rebasing tokens (e.g. LDO): user token balances are algorithmically altered automatically, meaning balances change without any action being taken
If it is assumed that a contract's balance of a particular token is equal to the amount parameter used in transferFrom, this assumption can be violated.
The mappings s_collateralDeposited and s_DSCMinted assume that the amount of tokens received by the contract is equal to the amount value passed to the transferFrom call, which is not guaranteed.
In the case of fee-on-transfer tokens, the contract's actual token balance would be lower than the amount recorded in s_collateralDeposited. This leads to the contract becoming slightly undercollateralized, which may cause a loss of funds for certain users. For example, if every depositor redeemed their collateral, the final user to call redeem would receive fewer tokens than expected, because the recorded deposits exceed what the contract actually holds.
Manual review
Implement an allowlist for ERC20 tokens, or redesign functions to account for obscure tokens
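The following is an added example written for this write-up, not code from the audited project. It shows a hypothetical collateral vault with the vulnerable pattern (crediting the caller with the amount parameter) next to a hardened version that credits only the balance delta actually received, plus an allowlist as the recommendation suggests. The CollateralVaultExample, FeeOnTransferMock and setAllowed names, the 1% fee and the use of OpenZeppelin's SafeERC20 are all assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Hypothetical vault used to illustrate the finding (not the audited project's code).
contract CollateralVaultExample {
    using SafeERC20 for IERC20;

    address public immutable owner;
    // token => allowed as collateral (rebasing tokens should never be allowed:
    // a balance delta cannot account for balances that change on their own)
    mapping(address => bool) public s_allowedToken;
    // user => token => amount credited to the user
    mapping(address => mapping(address => uint256)) public s_collateralDeposited;

    constructor() { owner = msg.sender; }

    function setAllowed(address token, bool allowed) external {
        require(msg.sender == owner, "not owner");
        s_allowedToken[token] = allowed;
    }

    // VULNERABLE: credits `amount` even though the contract may have received less,
    // so the mapping drifts above the real balance with fee-on-transfer tokens.
    function depositCollateralUnsafe(address token, uint256 amount) external {
        s_collateralDeposited[msg.sender][token] += amount;
        IERC20(token).safeTransferFrom(msg.sender, address(this), amount);
    }

    // HARDENED: only allowlisted tokens, and credit exactly what arrived,
    // measured as the balance delta around the transfer.
    function depositCollateral(address token, uint256 amount) external returns (uint256 received) {
        require(s_allowedToken[token], "token not allowed");
        IERC20 t = IERC20(token);
        uint256 before = t.balanceOf(address(this));
        t.safeTransferFrom(msg.sender, address(this), amount);
        received = t.balanceOf(address(this)) - before;
        require(received > 0, "nothing received");
        s_collateralDeposited[msg.sender][token] += received;
    }
}

/// Constructed fee-on-transfer token for exercising the vault (toy, not a production ERC20).
contract FeeOnTransferMock {
    uint256 public constant FEE_BPS = 100; // 1% of each transfer goes to feeRecipient
    address public immutable feeRecipient;
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    constructor(address _feeRecipient, uint256 supply) {
        feeRecipient = _feeRecipient;
        balanceOf[msg.sender] = supply;
    }

    function approve(address spender, uint256 value) external returns (bool) {
        allowance[msg.sender][spender] = value;
        return true;
    }

    function _move(address from, address to, uint256 value) internal {
        uint256 fee = (value * FEE_BPS) / 10_000;
        balanceOf[from] -= value;
        balanceOf[to] += value - fee; // recipient gets less than `value`
        balanceOf[feeRecipient] += fee;
    }

    function transfer(address to, uint256 value) external returns (bool) {
        _move(msg.sender, to, value);
        return true;
    }

    function transferFrom(address from, address to, uint256 value) external returns (bool) {
        allowance[from][msg.sender] -= value;
        _move(from, to, value);
        return true;
    }
}
```

Depositing 100 tokens of FeeOnTransferMock through depositCollateralUnsafe records 100 while the vault holds 99; through depositCollateral it records 99, matching the real balance. Note that the balance-delta pattern alone does not fix rebasing tokens, since their balances move between the deposit and a later redeem; that is why the allowlist is still needed.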