Protocol isn't compatible with fee-on-transfer tokens.
As the contest page highlights the protocol is expected to be compatible with fee-on-transfer tokens also.
Sablier protocol is compatible with the following:
Any network which is EVM compatible
Any ERC20 token
Here in the _create()
function, the amount createAmounts.deposit
is transferred from the msg.sender
to address(this)
as the tokens such as PAXG
and STA
fee-on-transfer tokens means it charges some fee on transfer. Now the issue arises because the accounting will be invalid as the createAmounts.deposit
will be out of sync with the balance of address(this)
as less than createAmounts.deposit
is transferred from the msg.sender
.
Stated accounting issue will occur and other Sablier accounting related functions perform operations using inputed/recorded amounts. They don't query the existing balance of tokens before or after receiving/sending in order to properly account for tokens that shift balance when received (FoT).
https://www.codehawks.com/report/clsxlpte900074r5et7x6kh96#M-02
Manual Review
Sablier accounting related functions perform operations using inputed/recorded amounts should query the existing balance of tokens before or after receiving/sending in order to properly account for tokens that shift balance when received (FoT).
https://www.codehawks.com/contests/clvb9njmy00012dqjyaavpl44
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.