The Standard

DeFiHardhat

20,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Fee on transfer tokens will not be supported during swap

syahiramali

Summary

Fee on transfer tokens will be able to perform swaps because there is no additional slippage that the user can set. The protocol has stated that they intend to support a Fee on transfer token such as PAXG.

Vulnerability Details

Fee on transfer tokens will not be able to be swapped with the current implementation, due to the fact there is no additional slippage that allows for a lower return in amountOutMinimum, or the implementation of the router function swapExactTokensForTokensSupportingFeeOnTransferTokens() that supports fee on transfer token swaps.

We can see in the function calculateMinimumAmountOut() gets the exact value of amountOutMinimum required to perform the swap without any slippage.

function calculateMinimumAmountOut(bytes32 _inTokenSymbol, bytes32 _outTokenSymbol, uint256 _amount) private view returns (uint256) {

ISmartVaultManagerV3 _manager = ISmartVaultManagerV3(manager);

uint256 requiredCollateralValue = minted * _manager.collateralRate() / _manager.HUNDRED_PC();

uint256 collateralValueMinusSwapValue = euroCollateral() - calculator.tokenToEur(getToken(_inTokenSymbol), _amount);

return collateralValueMinusSwapValue >= requiredCollateralValue ?

0 : calculator.eurToToken(getToken(_outTokenSymbol), requiredCollateralValue - collateralValueMinusSwapValue);

}

Impact

The protocol has stated that they intend to support a Fee on transfer token such as PAXG. A fee on transfer token will have a high chance of failing during swap because there is no slippage calculation done, or the implementation of the router function swapExactTokensForTokensSupportingFeeOnTransferTokens(). This will result in a user not being able to swap their assets, and could be potentially liquidated during a high volatile period.

Tools Used

Manual Review

Recommendations

To solve this issue, the calculateMinimumAmountOut() function could take into account of a user's slippage and risk tolerance for the swap. Or they could implement the function swapExactTokensForTokensSupportingFeeOnTransferTokens() that will check the recipient amount rather than the sending amount when calculating the invariant

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

fee-on-transfer

hrishibhat Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Out of scope

Assigned finding tags:

fee-on-transfer

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

609

33 USDC / LOC

High Medium

17,500 USDC

Low

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.