15,000 USDC
Submission Details
Severity: medium
Valid

ERC20 tokens with a fee on transfer mean the user is minted more DSC tokens than was deposited into the contract

Vulnerability Details

Some ERC20 tokens deduct a fee from the transfer value whenever a transfer transaction is initiated. This fee deduction can lead to protocols receiving fewer funds than they should. In the DSCEngine contract, there is no check to ensure that the amount received is the actual amount transferred. As a result of this incorrect accounting, the protocol records the full amount of tokens that should have been transferred, even though it only receives the amount left after fees have been deducted.

Impact

The most significant consequence is the insolvency of the protocol. Due to incorrect accounting and lack of verification, the protocol ends up having less collateral than it should. Users can withdraw the full amount of their collateral even though, in reality, they didn't deposit as much due to fees.

Tools Used

Manual Review

Recommendations

To address this issue, it is essential to check the actual amount received upon transfer, taking into account any fees that may have been deducted. This way, the protocol can accurately record the correct amount of tokens received and avoid any discrepancies in accounting.
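The recommendation above, sketched as an added example; this is not DSCEngine's own code. The contract, interface, function and error names are all hypothetical, and the token is assumed to return a `bool` from `transferFrom`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example, not DSCEngine code. Every name below is hypothetical.
interface IERC20Minimal {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract CollateralVaultExample {
    error TransferFailed();
    error NothingReceived();
    error Reentrancy();

    // user => token => collateral credited to that user
    mapping(address => mapping(address => uint256)) public collateralDeposited;
    bool private locked;

    event CollateralDeposited(address indexed user, address indexed token, uint256 requested, uint256 received);

    // Minimal lock so a token callback cannot re-enter between the two balance reads.
    modifier nonReentrant() {
        if (locked) revert Reentrancy();
        locked = true;
        _;
        locked = false;
    }

    // Pattern described in the finding: credits the requested amount,
    // so a fee-on-transfer token leaves the vault short by the fee.
    function depositTrustingAmount(address token, uint256 amount) external nonReentrant {
        collateralDeposited[msg.sender][token] += amount;
        if (!IERC20Minimal(token).transferFrom(msg.sender, address(this), amount)) revert TransferFailed();
    }

    // Corrected pattern: credits only the measured increase in the vault's balance.
    function depositMeasured(address token, uint256 amount) external nonReentrant returns (uint256 received) {
        IERC20Minimal t = IERC20Minimal(token);
        uint256 balanceBefore = t.balanceOf(address(this));
        if (!t.transferFrom(msg.sender, address(this), amount)) revert TransferFailed();
        // Checked subtraction reverts if the balance somehow went down.
        received = t.balanceOf(address(this)) - balanceBefore;
        if (received == 0) revert NothingReceived();
        collateralDeposited[msg.sender][token] += received;
        emit CollateralDeposited(msg.sender, token, amount, received);
    }
}
```

Any value derived from the deposit, such as how much can be minted against it, should be computed from `received` rather than from the requested `amount`.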
