Rounding Errors in FeeDistribution.sol::receiveMarketFee
Summary
The function receiveMarketFee(...) does not account for fee-on-transfer tokens, leading to discrepancies between expected and actual token amounts
Vulnerability Details
The function assumes the received token amount equals the transferred amount.
Fee-on-transfer tokens result in fewer tokens being received than expected.
to receive tokens assumed to be equal to amount . However, tokens that charge transfer fees
(often called fee-on-transfer) would result in the contract receiving fewer tokens than
expected. Because the contract records the entire amount in its internal ledger, there is a
discrepancy between the real token amount and the accounted amount. This discrepancy can
lead to inflated tracked balances and unexpected shortfalls when converting accumulated
fees to WETH.
Impact
Inflated tracked balances and unexpected shortfalls when converting fees to WETH.
Tools Used
Manual code review.
Recommendations
Adjust the recorded amount to reflect the actual received tokens.
Implement checks for fee-on-transfer tokens.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.