Incorrect Handling of Deflationary/Tax-on-Transfer Tokens in `Treasury` Contract Leading to Incorrect accounting and potential loss of funds.
Finding description and impact
The contract does not account for tokens that reduce the amount transferred, such as deflationary or tax-on-transfer tokens. These tokens deduct a percentage upon transfer, leading to incorrect balance tracking in the contract. This discrepancy can result in miscalculations of token holdings, incorrect execution of logic dependent on balance changes, and potential loss of funds.
Proof of Concept
-
If a contract assumes that
amounttokens are received without verifying the actual balance change, it may overestimate available funds. -
Example:
function deposit(address token, uint256 amount) external override nonReentrant {if (token == address(0)) revert InvalidAddress();if (amount == 0) revert InvalidAmount();IERC20(token).transferFrom(msg.sender, address(this), amount);_balances[token] += amount; // Incorrect Tracking_totalValue += amount; // Incorrect Trackingemit Deposited(token, amount);} -
The actual received tokens may be lower than
amount, leading to inconsistencies in balance tracking.
Recommended mitigation steps
Use balanceOf to determine the actual amount received:
Lead Judging Commences
Treasury::deposit increments _totalValue regardless of the token, be it malicious, different decimals, FoT etc.
Treasury::deposit increments _balances[token] with amount, not taking FoT or rebasing into account
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.