DeFiFoundry
50,000 USDC
Submission Details
Severity: medium
Invalid

Fee-on-Transfer Token Will Break Accounting in PerpetualVault::deposit

Summary

The deposit function in the PerpetualVault contract stores the deposit amount in the DepositInfo struct. However, if the token has a fee on transfer, the recorded amount will be higher than the actual tokens received by the contract, leading to inconsistencies.

Vulnerability Details

The deposit() function in PerpetualVault records the deposit amount before the token transfer occurs:

depositInfo[counter] = DepositInfo(amount, 0, msg.sender, 0, block.timestamp, address(0));
totalDepositAmount += amount;
// Then later
collateralToken.safeTransferFrom(msg.sender, address(this), amount);

For fee-on-transfer tokens, the actual amount received by the vault will be less than the amount parameter due to the fee deduction. However, the contract records the full pre-fee amount in its accounting.

Impact

  • The vault records receiving more tokens than it actually does

  • Users receive shares based on the pre-fee amount, not the actual deposit

  • If share prices are calculated based on total deposits, the protocol becomes gradually insolvent

Tools Used

Manual Review

Recommendations

Use balanceOf before and after the transfer to correctly determine the actual amount received.

  • Update the DepositInfo.amount field based on the net received amount instead of the requested deposit amount.

  • Consider adding explicit checks for fee-on-transfer tokens to prevent unexpected behavior.
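
One way to apply the balance-delta recommendation above, written as an added example and not taken from the PerpetualVault source. Only `depositInfo`, `counter`, `totalDepositAmount` and `collateralToken` come from the snippet in the report; the contract name, the struct field names, the `ZeroReceived` error and the OpenZeppelin imports are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Added example (hypothetical contract), showing net-received accounting.
contract BalanceDeltaVaultExample {
    using SafeERC20 for IERC20;

    // Field names are assumed; the report only shows six positional values.
    struct DepositInfo {
        uint256 amount;       // net tokens actually received by the vault
        uint256 shares;
        address owner;
        uint256 executionFee;
        uint256 timestamp;
        address recipient;
    }

    IERC20 public immutable collateralToken;
    uint256 public counter;
    uint256 public totalDepositAmount;
    mapping(uint256 => DepositInfo) public depositInfo;

    error ZeroReceived();

    constructor(IERC20 token) {
        collateralToken = token;
    }

    function deposit(uint256 amount) external returns (uint256 received) {
        // Pull the tokens first, then measure what actually arrived.
        uint256 balanceBefore = collateralToken.balanceOf(address(this));
        collateralToken.safeTransferFrom(msg.sender, address(this), amount);
        received = collateralToken.balanceOf(address(this)) - balanceBefore;
        if (received == 0) revert ZeroReceived();

        // Record the net amount, so a transfer fee never inflates accounting.
        counter++;
        depositInfo[counter] =
            DepositInfo(received, 0, msg.sender, 0, block.timestamp, address(0));
        totalDepositAmount += received;
    }
}
```

Because the transfer now happens before the state writes, a token with transfer hooks gets control before the accounting is updated, so this pattern should be paired with a reentrancy guard on `deposit`.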

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope
