Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Invalid

Lack of Support for Fee-on-Transfer Tokens

Summary

The protocol aims to support various ERC20 tokens but fails to account for tokens that charge a fee on transfer. In several places the protocol does not query the actual amount of tokens received after a transfer, leading to potential accounting issues and incorrect behavior downstream.

For instance, some tokens (e.g., stETH) have edge cases where the amount transferred is slightly less than the specified amount due to rounding or fee mechanisms. If the protocol does not handle these cases, it can result in incorrect accounting or even denial of service for users.

Vulnerability Details

The protocol does not account for fee-on-transfer tokens, which deduct a fee during transfers. This means the actual amount received by the contract may be less than the specified amount parameter.

For instance:

The stake function of the BaseGauge contract assumes that the full amount of stakingToken is transferred to the contract.

If stakingToken is a fee-on-transfer token, the actual amount received will be less than amount.

The _totalSupply and _balances mappings are updated with the full amount, leading to incorrect accounting.

function stake(uint256 amount) external nonReentrant updateReward(msg.sender) {
    if (amount == 0) revert InvalidAmount();
    // Accounting is credited with the requested `amount` before the transfer...
    _totalSupply += amount;
    _balances[msg.sender] += amount;
    // ...but a fee-on-transfer token delivers less than `amount` here.
    stakingToken.safeTransferFrom(msg.sender, address(this), amount);
    emit Staked(msg.sender, amount);
}

Code Snippets:

https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/governance/gauges/BaseGauge.sol#L261
https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/pools/LendingPool/LendingPool.sol#L422
https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/pools/LendingPool/LendingPool.sol#L525
https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/pools/StabilityPool/StabilityPool.sol#L176

Impact

Accounting discrepancies such as overstated balances and mismatched reserves, which can result in loss of funds for users.
Tokens received by the contract will be less than the amount emitted in events, leading to confusion and potential disputes.

Tools Used

Manual code review

Recommendations

To handle fee-on-transfer tokens correctly, implement a mechanism to measure the actual amount of tokens received after a transfer. This can be done by checking the contract's balance before and after the transfer and using the difference as the actual amount.
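The balance-before/after pattern applied to the stake function, as an added example written for this report rather than code from the RAAC repository. FeeAwareGauge is a hypothetical minimal contract that drops the updateReward modifier and reward bookkeeping, and assumes OpenZeppelin v5 import paths.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
// OpenZeppelin v5 path (assumption); v4 keeps it under security/ReentrancyGuard.sol.
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

/// Hypothetical gauge showing the recommended fix; not the project's BaseGauge.
contract FeeAwareGauge is ReentrancyGuard {
    using SafeERC20 for IERC20;

    IERC20 public immutable stakingToken;
    uint256 private _totalSupply;
    mapping(address => uint256) private _balances;

    error InvalidAmount();
    event Staked(address indexed user, uint256 amount);

    constructor(IERC20 token) {
        stakingToken = token;
    }

    function stake(uint256 amount) external nonReentrant {
        if (amount == 0) revert InvalidAmount();

        // Measure what actually arrived instead of trusting `amount`.
        uint256 balanceBefore = stakingToken.balanceOf(address(this));
        stakingToken.safeTransferFrom(msg.sender, address(this), amount);
        uint256 received = stakingToken.balanceOf(address(this)) - balanceBefore;
        if (received == 0) revert InvalidAmount();

        // Credit only the received delta so _totalSupply always equals the
        // tokens the contract really holds, even when a fee was deducted.
        _totalSupply += received;
        _balances[msg.sender] += received;

        // Emit the credited amount so indexers and users see the real figure.
        emit Staked(msg.sender, received);
    }

    function totalSupply() external view returns (uint256) {
        return _totalSupply;
    }

    function balanceOf(address account) external view returns (uint256) {
        return _balances[account];
    }
}
```

The delta captures only the shortfall at transfer time, so the function must stay nonReentrant to prevent any nested call from changing the contract's balance between the two balanceOf reads.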

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
