Some tokens charge a fee on transfer (e.g. STA, PAXG); others do not currently charge a fee but may do so in the future (e.g. USDT, USDC).
The `withdraw` function uses `_safe_transfer_from` to move tokens without accounting for the possibility that the token charges a fee on transfer. Nothing verifies that the amount actually received matches the amount requested, so with a fee-on-transfer token the recipient ends up with less than expected, which can lead to unexpected outcomes or loss of funds.
Without a balance check before and after the transfer, the contract assumes the full amount moved, so its internal accounting drifts away from the real token balances and can cause financial loss.
Record the balance before and after the `_safe_transfer_from` call and use the difference as the amount actually transferred. If the received amount is lower than requested because of a fee, handle it explicitly: either credit only the amount received, or revert so that fee-on-transfer tokens are rejected up front.
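The recommended balance-delta check, as an added example that is not part of the Tadle code base. The `Pool` contract, its function names and the constructed `FeeToken` (which burns a 1% fee, standing in for STA/PAXG-style behaviour) are all hypothetical; the vulnerable deposit path sits beside the two fixed variants (credit what arrived, or reject fee-on-transfer tokens outright).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the project's code. Minimal ERC-20 surface needed here.
interface IERC20 {
    function balanceOf(address) external view returns (uint256);
    function transferFrom(address, address, uint256) external returns (bool);
}

// Hypothetical pool that pulls collateral from users and tracks it internally.
contract Pool {
    IERC20 public immutable token;
    mapping(address => uint256) public deposits; // internal accounting

    error TransferFailed();
    error FeeOnTransferNotSupported(uint256 expected, uint256 received);

    constructor(IERC20 _token) {
        token = _token;
    }

    /// @notice VULNERABLE: credits `amount` even if the token kept a fee,
    /// so `deposits` ends up larger than what the pool actually holds.
    function depositUnsafe(uint256 amount) external {
        if (!token.transferFrom(msg.sender, address(this), amount)) revert TransferFailed();
        deposits[msg.sender] += amount;
    }

    /// @notice FIXED (lenient): measure the balance delta and credit only what arrived.
    function depositChecked(uint256 amount) external returns (uint256 received) {
        uint256 before = token.balanceOf(address(this));
        if (!token.transferFrom(msg.sender, address(this), amount)) revert TransferFailed();
        received = token.balanceOf(address(this)) - before;
        deposits[msg.sender] += received; // the real amount, not the requested one
    }

    /// @notice FIXED (strict): refuse tokens that did not deliver the full amount.
    function depositStrict(uint256 amount) external {
        uint256 before = token.balanceOf(address(this));
        if (!token.transferFrom(msg.sender, address(this), amount)) revert TransferFailed();
        uint256 received = token.balanceOf(address(this)) - before;
        if (received != amount) revert FeeOnTransferNotSupported(amount, received);
        deposits[msg.sender] += amount;
    }
}

// Constructed test token: burns a 1% fee on every transfer. Allowances are
// omitted because only the fee behaviour matters for this illustration.
contract FeeToken is IERC20 {
    mapping(address => uint256) public override balanceOf;
    uint256 public constant FEE_BPS = 100; // 1%

    constructor() {
        balanceOf[msg.sender] = 1_000_000e18;
    }

    function transferFrom(address from, address to, uint256 amount) external override returns (bool) {
        uint256 fee = (amount * FEE_BPS) / 10_000;
        balanceOf[from] -= amount;
        balanceOf[to] += amount - fee; // the fee is burned, recipient gets less
        return true;
    }
}
```

With `FeeToken`, `depositUnsafe(100e18)` records a 100e18 deposit while the pool only holds 99e18; `depositChecked` records 99e18; `depositStrict` reverts with `FeeOnTransferNotSupported(100e18, 99e18)`. Two caveats for the delta pattern: it only measures the side the contract controls (on an outgoing transfer the contract can see how much left, not how much the user received), and tokens with transfer hooks or rebasing supply can move the balance during the call, so the delta should be taken around the transfer alone and behind the usual reentrancy protection.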
Valid medium, there are disruptions to the ability to take market actions. The following functions will be disrupted without the possibility of reaching settlement, since the respective offers cannot be created/listed regardless of mode when transferring the collateral token required to the CapitalPool contract or when refunding tokens from the user to the capital pool during relisting. So withdrawal is not an issue:

- `createOffer()` - reverts [here](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/PreMarkets.sol#L96-L102)
- `listOffer()` - reverts [here](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/PreMarkets.sol#L355-L362)
- `relistOffer()` - reverts [here](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/PreMarkets.sol#L515-L521)
- `createTaker()` - reverts [here](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/PreMarkets.sol#L831-L836)

I believe medium severity is appropriate although the likelihood is high and impact is medium (only some level of disruption, i.e. FOT tokens not supported and no funds at risk).