Tadle

DeFiFoundry

27,750 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

Fee-on-Transfer Tokens Not Supported in `_transfer()` Function

atharv181

Summary

The _transfer() function in the tokenManager.sol contract does not account for tokens that implement a fee on transfer, which can lead to transaction failures. The function expects the balances before and after the transfer to change by exactly the transferred amount, which is not the case for fee-on-transfer tokens.

Vulnerability Details

In the _transfer() function, the code checks if the from balance decreases by the exact amount and if the to balance increases by the same amount. This logic assumes that the token does not deduct any fees during the transfer. However, for tokens with a fee on transfer, the actual amount received by the to address will be less than _amount, causing the function to revert with a TransferFailed error.

Issue is because of this check

if (toBalanceAft != toBalanceBef + _amount) {

revert TransferFailed();

}

Impact

This issue will cause the _transfer() function to fail when dealing with fee-on-transfer tokens. It could prevent users from using such tokens with the protocol, limiting the protocol's flexibility and compatibility with different ERC-20 tokens.

Tools Used

Manual Review

Recommendations

Modify Balance Checks: Adjust the balance checks to account for possible fees during the transfer. This can be done by removing the exact balance check and instead verifying that the to balance has increased.

if (toBalanceAft == toBalanceBef) {

revert TransferFailed();

}

Updates

Lead Judging Commences

0xnevi Lead Judge about 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

finding-TokenManager-FOT-Rebasing

Valid medium, there are disruptions to the ability to take market actions. The following functions will be disrupted without the possibiliy of reaching settlement, since the respective offers cannot be created/listed regardless of mode when transferring collateral token required to the CapitalPool contract or when refunding token from user to capital pool during relisting. So withdrawal is not an issue - `createOffer()` - reverts [here](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/PreMarkets.sol#L96-L102) - `listOffer()` - reverts [here](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/PreMarkets.sol#L355-L362) - `relistOffer()` - reverts [here](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/PreMarkets.sol#L515-L521) - `createTaker()` - reverts [here](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/PreMarkets.sol#L831-L836) I believe medium severity is appropriate although the likelihood is high and impact is medium (only some level of disruption i.e. FOT tokens not supported and no funds at risk)

Prize pool breakdown

Total prize

27,750 USDC

nSLOC

1,229

23 USDC / LOC

High Medium

25,000 USDC

Low

2,750 USDC

Judges

2,250 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.