Cyfrin / 2023-07-foundry-defi-stablecoin


Fee on transfer collaterals #1147

Open codehawks-bot opened 1 year ago

codehawks-bot commented 1 year ago

Fee on transfer collaterals

Severity

Medium Risk

Summary

There are tokens which charge fees when moving them, and if they are used as collaterals, the protocol won't work properly.

Vulnerability Details

For instance, in DSCEngine.sol:

    function depositCollateral(address tokenCollateralAddress, uint256 amountCollateral)
        public
        moreThanZero(amountCollateral)
        isAllowedToken(tokenCollateralAddress)
        nonReentrant
    {
        s_collateralDeposited[msg.sender][tokenCollateralAddress] += amountCollateral;
        emit CollateralDeposited(msg.sender, tokenCollateralAddress, amountCollateral);
        bool success = IERC20(tokenCollateralAddress).transferFrom(msg.sender, address(this), amountCollateral);
        if (!success) {
            revert DSCEngine__TransferFailed();
        }
    }

The following line will lead to the protocol receiving fewer tokens than expected:

    bool success = IERC20(tokenCollateralAddress).transferFrom(msg.sender, address(this), amountCollateral);

Impact

The protocol will have accounting errors

Tools Used

Manual review

Recommendations

Consider choosing collateral tokens that do not support transfer fees or get the actual received amount by calculating the difference of token balance before and after the transfer.
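
The second recommendation (credit the balance difference rather than the requested amount) can look like the sketch below. This is an added example, not code from DSCEngine.sol or from the report's author; the contract, interface, error and mapping names are hypothetical, and the allow-list and zero-amount modifiers of the original function are omitted to keep the focus on the accounting.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added example with hypothetical names; not the project's own code.
interface IERC20Minimal {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract BalanceDeltaDeposit {
    error TransferFailed();
    error NothingReceived();

    event CollateralDeposited(address indexed user, address indexed token, uint256 amount);

    // user => token => amount the contract actually received for that user
    mapping(address => mapping(address => uint256)) public collateralDeposited;

    // Simple lock: the two balance reads below are only a valid measurement
    // if no nested deposit can run between them.
    bool private locked;

    modifier nonReentrant() {
        require(!locked, "reentrant");
        locked = true;
        _;
        locked = false;
    }

    function depositCollateral(address token, uint256 amount) external nonReentrant {
        uint256 balanceBefore = IERC20Minimal(token).balanceOf(address(this));

        bool success = IERC20Minimal(token).transferFrom(msg.sender, address(this), amount);
        if (!success) revert TransferFailed();

        // Checked subtraction (0.8+) reverts if the balance somehow decreased.
        uint256 received = IERC20Minimal(token).balanceOf(address(this)) - balanceBefore;
        if (received == 0) revert NothingReceived();

        // Credit what arrived, not what was requested, so a transfer fee
        // cannot inflate the recorded collateral.
        collateralDeposited[msg.sender][token] += received;
        emit CollateralDeposited(msg.sender, token, received);
    }
}
```

Because the state update now happens after the external call, the reentrancy guard is what keeps the measurement sound; the original function updates state first and does not have this dependency.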