Integrating fee-on-transfer tokens would completely break DSC's internal accounting
The current implementation of the DSC protocol doesn't work with fee-on-transfer as collateral tokens.
When a fee is charged on a transfer of tokens in Solidity, it is important to check the balance of the sender's account before and after the transfer to ensure that the fee has been correctly deducted from the sender's balance.
Take a look at DSCEngine.sol#L144-L161
As seen no check is performed to really check if the amount of tokens received are what was sent note that since this check is not performed, it can result in an accounting error where the depositor's collateral value is overstated, leading to potential issues with record keeping, reporting, and reconciliation.
For example the getAccountCollateralValue() function
When this is called would iterate over all the tokens added in the user's collateral array, but user's collateral value would be easily overstated since the amount of registered collateral is not really what's been registered in the contract
Break of internal accounting, in the case of the depositCollateral
function of DSCEngine.sol
, the contract directly registers the amountCollateral provided and not the one received.
Manual Audit
Check the balances before and after any transfer for tokens so as to ensure correct accurate accounting.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.