The TSwapPool smart contract, designed for token swapping and liquidity provision, faces a vulnerability when dealing with fee-on-transfer tokens. This report outlines the issue, its potential impact, tools used for analysis, and recommendations for mitigation.
The contract's deposit function checks if a minimum amount of WETH (Wrapped Ether) is deposited. However, with fee-on-transfer tokens, the actual amount received by the contract may be less due to transfer fees. This discrepancy can cause the contract to revert erroneously when checking deposit amounts against predefined minimums.
The vulnerability could lead to transactions reverting even when users believe they have met the minimum deposit requirements.
Alice, a user, decides to deposit 10 WETH into the TSwapPool contract to mint liquidity tokens. She plans to deposit exactly 10 WETH to meet the minimum liquidity requirements specified by the contract. However, unbeknownst to Alice, the WETH she holds is a fee-on-transfer token.
Alice's Deposit Attempt: Alice initiates a deposit transaction, sending 10 units of her fee-on-transfer WETH to the TSwapPool contract.
Transfer Mechanics: Due to the fee-on-transfer mechanism, only 9.9 WETH is received by the TSwapPool contract after the transfer fee deduction.
Contract Check: The deposit function in the contract verifies if wethToDeposit (10 WETH) meets the MINIMUM_WETH_LIQUIDITY requirement. However, since only 9.9 WETH is received, the contract perceives this as insufficient.
Revert Condition: The contract then reverts the transaction, citing TSwapPool__WethDepositAmountTooLow, as it expected 10 WETH but received less due to the fee-on-transfer deduction.
"For the moment assume the following:
WETH, USDC, LINK, DAI
But, the buyer and seller could do whatever they want - just we would recommend against that."
Manual Review
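One way to make the minimum check agree with what the pool actually holds is to measure the balance change around the transfer. This is an added example, not code from TSwapPool or from the original report; the contract name, the error names, the credited mapping and the value given to MINIMUM_WETH_LIQUIDITY are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface, declared inline so the file is self-contained.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical pool fragment for illustration only; not the TSwapPool source.
contract BalanceDeltaDeposit {
    // Assumed value; the report does not state the real minimum.
    uint256 public constant MINIMUM_WETH_LIQUIDITY = 1_000_000_000;

    IERC20 public immutable weth;
    // Amount each depositor is credited with, based on tokens actually received.
    mapping(address => uint256) public credited;

    error WethDepositAmountTooLow(uint256 minimum, uint256 received);
    error TransferFailed();

    constructor(IERC20 weth_) {
        weth = weth_;
    }

    // Pulls wethToDeposit from the caller and credits only what arrived.
    // With a 1% fee-on-transfer token, a nominal 10 yields received == 9.9.
    // Production code would also add a reentrancy guard and a SafeERC20-style
    // wrapper for tokens that do not return a bool.
    function deposit(uint256 wethToDeposit) external returns (uint256 received) {
        uint256 balanceBefore = weth.balanceOf(address(this));

        if (!weth.transferFrom(msg.sender, address(this), wethToDeposit)) {
            revert TransferFailed();
        }

        // Balance delta is the amount the pool really holds after any fee.
        received = weth.balanceOf(address(this)) - balanceBefore;

        // Compare the minimum against the received amount, and report that
        // amount in the error so the caller can see the shortfall.
        if (received < MINIMUM_WETH_LIQUIDITY) {
            revert WethDepositAmountTooLow(MINIMUM_WETH_LIQUIDITY, received);
        }

        credited[msg.sender] += received;
    }
}
```

The revert now reports the received amount, so a depositor holding a fee-on-transfer token can see why a nominal deposit fell short and size the next one to cover the fee.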