Normal behavior:
The contract assumes all ERC20 tokens behave according to the standard, meaning the amount transferred is exactly the amount specified, with no fees or hooks. This is true for most major tokens, but not all.
Issue:
If a fee-on-transfer token (which deducts a fee on every transfer) is allowed, the contract logic will break. The amount received or sent will not match the expected value, leading to buyers or sellers receiving less than intended, and protocol accounting becoming inaccurate.
Explanation: The protocol logic assumes the full amount is transferred, but fee-on-transfer tokens break this assumption, causing user losses and accounting errors.
Likelihood:
Owner may add a fee-on-transfer token to the allowed list, either intentionally or by mistake.
Users may create orders with such tokens, leading to broken logic.
Impact:
Buyers or sellers may receive less than expected, leading to loss of funds and disputes.
Protocol accounting becomes inaccurate, potentially leading to further bugs or vulnerabilities.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
View preliminary resultsAppeals are being carefully reviewed by our judges.
The contest is complete and the rewards are being distributed.