HardhatDeFi
15,000 USDC
Submission Details
Severity: medium
Invalid

Underlying asset can be fee-on-transfer token

Summary

If the collateral asset is a weird ERC20 fee-on-transfer token (say USDT), then the function AaveDIVAWrapper::_handleTokenOperations mints more wTokens than the amount of underlying asset present in the contract (after it is transferred from the user).

Vulnerability Details

The function AaveDIVAWrapper::_handleTokenOperations is used when a collateral token is registered or when a pool is created. It is supposed to mint the same number of wTokens as collateral tokens, because the wToken represents the collateral asset in the DIVA protocol. But if the collateral token is a fee-on-transfer token, a transfer fee is charged on that token, so the number of tokens deposited is less than the number the user transferred, while the number of wTokens minted is the same as the number of collateral tokens the user transferred.

Tools Used

Manual

Recommendations

Check the balance of the underlying asset before the safeTransferFrom and subtract it from the balance of the underlying asset after the safeTransferFrom, so that we can identify how many collateral tokens were transferred into the AaveDIVAWrapper contract.
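
The balance-delta check recommended above, as an added example that is not code from AaveDIVAWrapper or from the submission. The contract name BalanceDeltaDeposit and the functions _pullAndMeasure, _mintWrapped and _deposit are hypothetical; OpenZeppelin v5 import paths are assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Added illustration only. All names here are hypothetical and do not
/// come from the AaveDIVAWrapper code base.
abstract contract BalanceDeltaDeposit {
    using SafeERC20 for IERC20;

    error NothingReceived();

    /// Pulls `amount` of `token` from `from` and returns what actually
    /// arrived in this contract, which is what the mint must be based on.
    function _pullAndMeasure(IERC20 token, address from, uint256 amount)
        internal
        returns (uint256 received)
    {
        uint256 balanceBefore = token.balanceOf(address(this));
        token.safeTransferFrom(from, address(this), amount);
        uint256 balanceAfter = token.balanceOf(address(this));

        // For a plain ERC20, received == amount.
        // For a fee-on-transfer token, received < amount.
        received = balanceAfter - balanceBefore;

        // A 100% fee (or a token that silently moves nothing) must not
        // result in a zero-backed mint.
        if (received == 0) revert NothingReceived();
    }

    /// Hypothetical hook standing in for the wrapper's wToken mint.
    function _mintWrapped(address to, uint256 amount) internal virtual;

    /// Mints wrapped tokens 1:1 against the measured amount, not the
    /// amount the caller asked to transfer. Every later accounting step
    /// should also use the returned value rather than `amount`.
    /// Callers should hold a reentrancy guard: a token with transfer
    /// hooks could otherwise change the balance between the two reads.
    function _deposit(IERC20 token, address recipient, uint256 amount)
        internal
        returns (uint256 minted)
    {
        minted = _pullAndMeasure(token, msg.sender, amount);
        _mintWrapped(recipient, minted);
    }
}
```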

Updates

Lead Judging Commences

bube Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
