Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Invalid

USDC has a fee on transfer function ready to be activated

Summary

Stablecoins like USDC or USDT have functions to turn on fees on transfers, messing up all the calculations. It should account for that.

Vulnerability Details

Dealing with stablecoins like USDC or USDT is tricky because they will have functions to trigger fees on transfer at any minute they want, and this would set off all calculations in the code.

https://github.com/Cyfrin/2025-02-raac/blob/main/contracts/zeno/ZENO.sol

    function redeem(uint amount) external nonReentrant {
        if (!isRedeemable()) {
            revert BondNotRedeemable();
        }
        if (amount == 0) {
            revert ZeroAmount();
        }
        uint256 totalAmount = balanceOf(msg.sender);
        if (amount > totalAmount) {
            revert InsufficientBalance();
        }
        totalZENORedeemed += amount;
        _burn(msg.sender, amount);
        USDC.safeTransfer(msg.sender, amount);
    }

    function redeemAll() external nonReentrant {
        if (!isRedeemable()) {
            revert BondNotRedeemable();
        }
        uint256 amount = balanceOf(msg.sender);
        totalZENORedeemed += amount;
        _burn(msg.sender, amount);
        USDC.safeTransfer(msg.sender, amount);
    }

Impact

As certain as tomorrow will arrive, USDC will be turning on their fees on transfer to mess all of your calculations on these functions. So calculate for that.

Tools Used

manual

Recommendations

Calculate fee on transfer everywhere USDC is transferred.
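
A sketch of the balance-delta accounting that handles fee-on-transfer tokens in general, as an added example that is not part of the submission or of the RAAC code base. `IERC20Minimal`, `MeasuredTransfer`, `pull` and `pushExact` are hypothetical names, and the token is assumed to return a bool from `transfer` and `transferFrom` as the ERC-20 standard specifies.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Minimal ERC-20 surface used below (standard signatures only).
interface IERC20Minimal {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical helper library for illustration; not RAAC code.
library MeasuredTransfer {
    error TransferFailed();
    error ShortDelivery(uint256 expected, uint256 received);

    // Inbound: pull `amount` from `from` and return what actually arrived,
    // so the caller credits the measured value instead of the requested one.
    function pull(IERC20Minimal token, address from, uint256 amount)
        internal
        returns (uint256 received)
    {
        uint256 balanceBefore = token.balanceOf(address(this));
        if (!token.transferFrom(from, address(this), amount)) revert TransferFailed();
        // Reverts on underflow if the balance somehow decreased.
        received = token.balanceOf(address(this)) - balanceBefore;
    }

    // Outbound: send `amount` to `to` and revert if the recipient's balance
    // did not grow by exactly `amount` (for example, a fee was deducted).
    // Must not be called with `to == address(this)`: a self-transfer has a
    // zero delta and would always revert here.
    function pushExact(IERC20Minimal token, address to, uint256 amount) internal {
        uint256 balanceBefore = token.balanceOf(to);
        if (!token.transfer(to, amount)) revert TransferFailed();
        uint256 received = token.balanceOf(to) - balanceBefore;
        if (received != amount) revert ShortDelivery(amount, received);
    }
}
```

In a function shaped like `redeem` above, `pushExact` makes a redemption revert rather than burn `amount` of bond tokens while delivering less than `amount` of the payout token; `pull` applies on the deposit side, where crediting the requested amount instead of the received amount is what breaks accounting.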

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
