Tadle

DeFi

30,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

Fee on Transfer Tokens Issue in `_transfer` Function

0xbeastboy

Github

https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/TokenManager.sol#L233

Summary

The _transfer function in the TokenManager contract encounters issues when dealing with ERC20 tokens that have a fee on transfer. The function assumes that the amount specified for transfer is exactly what will be received, which may not hold true if the token imposes a transfer fee. This discrepancy can lead to unexpected behavior and failed transactions.

Vulnerability Details

The _transfer function checks the token balances before and after the transfer to validate the success of the operation. However, this approach assumes that the amount of tokens sent is the same as the amount received. For tokens with a fee on transfer, the amount received by the destination address will be less than the amount sent. This discrepancy can cause the function to revert due to the failed balance checks.

Impact

The function may incorrectly revert transactions if the token implements a fee on transfer, causing DOS in operations that rely on this function. Users might lose tokens due to failed transfers or incorrect calculations if the function does not account for transfer fees.

Tools Used

Manual Review

Recommendations

Modify the _transfer function to account for the potential fee deducted during the transfer. Instead of comparing exact amounts, allow for a small tolerance to accommodate fees.

Updates

Lead Judging Commences

0xnevi Lead Judge 10 months ago

Submission Judgement Published

Validated

Assigned finding tags:

finding-TokenManager-FOT-Rebasing

Valid medium, there are disruptions to the ability to take market actions. The following functions will be disrupted without the possibiliy of reaching settlement, since the respective offers cannot be created/listed regardless of mode when transferring collateral token required to the CapitalPool contract or when refunding token from user to capital pool during relisting. So withdrawal is not an issue - `createOffer()` - reverts [here](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/PreMarkets.sol#L96-L102) - `listOffer()` - reverts [here](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/PreMarkets.sol#L355-L362) - `relistOffer()` - reverts [here](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/PreMarkets.sol#L515-L521) - `createTaker()` - reverts [here](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/PreMarkets.sol#L831-L836) I believe medium severity is appropriate although the likelihood is high and impact is medium (only some level of disruption i.e. FOT tokens not supported and no funds at risk)

Prize pool breakdown

Total prize

30,000 USDC

nSLOC

1,229

24 USDC / LOC

High Medium

25,000 USDC

Low

2,750 USDC

Judges

2,250 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.