Sparkn

CodeFox Inc.

DeFiFoundryProxy

15,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Transfers for Fee-On-Transfer

echospr

Summary

Using ERC-20 token that has a fee-on-transfer feature such as USDT, failing to account for this fee will lead to less being received by the winner.

Vulnerability Details

Impact

Incorrect Amounts: If the contract does not account for the fee when calculating the amount to send or receive, the winner may end up receiving less than expected.

Tools Used

Manual

Recommendations

Use the balance before and after the transfer to calculate the amount being received instead of assuming the amount.

https://solodit.xyz/issues/m-25-consistently-check-account-balance-before-and-after-transfers-for-fee-on-transfer-discrepancies-code4rena-vetoken-finance-vetoken-finance-contest-git

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

194

77 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.