MyCut

First Flight #23
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: medium
Invalid

Protocol Won't Work With Fee-on-Transfer or Rebasing Tokens

[M-01] Protocol Won't Work With Fee-on-Transfer or Rebasing Tokens

Summary

The protocol fails to function correctly when interacting with fee-on-transfer or rebasing tokens. Specifically, the last player is unable to claim their rewards, and the owner encounters an error when attempting to call closePot.

Vulnerability Details

Fee-on-transfer tokens deduct a fee every time a transfer is made, so the balance of tokens the contract actually holds is lower than the amount it accounts for. As a result, the last player cannot claim their rewards, because the remaining balance is insufficient to cover the required amount. Additionally, when the closePot function is called, an underflow error occurs in the calculations because the actual balance of tokens held by the contract may differ from what is expected.

Impact

  • The last player in the contest will not receive their rewards.

  • The owner will be unable to call closePot due to an underflow error resulting from discrepancies in token balances.

Proof of Concept

Add the following test to the existing test suite to reproduce the issue:

    function test_my_FOTWontWork() public mintAndApproveTokens {
        // 15 players, each with a nominal reward of 1 ether
        address[] memory players_ = new address[](15);
        uint256[] memory rewards_ = new uint256[](15);
        for (uint256 i; i < 15; i++) {
            players_[i] = address(uint160(i + 1));
            rewards_[i] = 1 ether;
        }

        // Create and fund the contest with a fee-on-transfer token
        // (TransferFeeToken must be imported into the test file)
        vm.startPrank(user);
        TransferFeeToken fot = new TransferFeeToken(100e18, 0.1e18);
        fot.approve(conMan, 100e18);
        contest = ContestManager(conMan).createContest(
            players_,
            rewards_,
            IERC20(address(fot)),
            15 ether
        );
        ContestManager(conMan).fundContest(0);
        vm.stopPrank();

        // The first 14 players claim successfully
        for (uint256 i; i < 14; i++) {
            vm.prank(players_[i]);
            Pot(contest).claimCut();
        }

        // The last player's claim reverts: the Pot no longer holds enough tokens
        vm.prank(players_[14]);
        vm.expectRevert("insufficient-balance");
        Pot(contest).claimCut();

        // Warp forward; closing the contest reverts as well
        vm.warp(91 days);
        vm.startPrank(user);
        vm.expectRevert();
        ContestManager(conMan).closeContest(contest);
    }

Tools Used

Manual Review

Recommendations

To handle fee-on-transfer or rebasing tokens correctly:

  • Update Balance Tracking: Ensure that the contract can accurately track the actual balance of tokens held, accounting for any fees deducted during transfers.

  • Adjust Calculations: Modify the reward calculations to consider the impact of fee-on-transfer tokens, ensuring that all claimants receive their correct share, even with fees applied.

  • Add Balance Checks: Implement checks to confirm sufficient balance before attempting to transfer tokens or perform operations dependent on token balance.

By implementing these recommendations, the protocol can better handle tokens with fees or rebase mechanisms and avoid issues related to balance discrepancies.
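
One way to apply the balance-tracking and calculation recommendations above, as an added example that is not the MyCut contracts or the submitter's code: the pot records what actually arrived by measuring the balance delta, then pays each claim pro rata against that amount. The contract and interface names (FeeAwarePot, IERC20Min) are hypothetical, and the sketch assumes a token that returns bool and takes its fee out of the amount received; rebasing tokens would additionally need share-based accounting.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example with hypothetical names; not the MyCut Pot contract.
interface IERC20Min {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract FeeAwarePot {
    IERC20Min public immutable token;
    uint256 public funded;       // tokens that actually arrived, not the nominal amount
    uint256 public nominalTotal; // sum of nominal rewards promised to players
    mapping(address => uint256) public nominalReward;

    constructor(IERC20Min token_, address[] memory players, uint256[] memory rewards) {
        require(players.length == rewards.length, "length mismatch");
        token = token_;
        for (uint256 i; i < players.length; i++) {
            nominalReward[players[i]] += rewards[i];
            nominalTotal += rewards[i];
        }
    }

    // Measure the balance delta instead of trusting `amount`.
    function fund(uint256 amount) external {
        require(funded == 0, "already funded");
        uint256 beforeBal = token.balanceOf(address(this));
        require(token.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        funded = token.balanceOf(address(this)) - beforeBal;
        require(funded > 0, "nothing received");
    }

    // Pay a pro-rata share of what was received, so the sum of all
    // payouts can never exceed the tokens the pot holds after funding.
    function claimCut() external {
        uint256 nominal = nominalReward[msg.sender];
        require(nominal > 0, "no reward");
        nominalReward[msg.sender] = 0; // clear before the external call
        uint256 payout = (nominal * funded) / nominalTotal;
        require(token.transfer(msg.sender, payout), "transfer failed");
    }
}
```

With the numbers from the proof of concept (15 ether nominal, 0.1 ether fee per transfer), `funded` would be 14.9 ether and every player, including the last, could claim a proportionally reduced payout.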

Updates

Lead Judging Commences

equious Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
