Some ERC20 tokens customize their transfer logic. One class is deflationary (fee-on-transfer) tokens, which deduct a fee from every transfer() or transferFrom(), so the recipient receives less than the amount passed in.
Assume that BaseVault.asset() is such a token. When a user calls BaseVault.deposit(x, addr), the amount of asset tokens the vault actually receives is smaller than x, but the vault still calls _executeProviderAction(assets, "deposit", activeProvider) with the requested amount x. That call reverts, because the provider expects the vault to transfer exactly x tokens and the vault does not hold them.
Since anyone can create a vault with an arbitrary asset when Chief.permissionlessDeployments == true, a user can deploy a vault whose asset is a fee-on-transfer token. For the protocol to be fully permissionless, the contracts should support this type of token.
Attack scenario
Bob calls BaseVault.deposit(x, addr); BaseVault receives y asset tokens, with y < x, because the token takes its fee on the transferFrom.
BaseVault then delegatecalls provider.deposit() for x tokens, which reverts because the vault holds only y.
Recommendation
Compute the amount actually received as the vault's asset balance after the transfer minus its balance before, and use that amount (not the requested x) for the provider deposit and for share minting.
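The recommendation above as an added Solidity example (illustrative code written for this write-up, not Fuji's BaseVault): a constructed 1% fee-on-transfer token next to a minimal vault that shows both the trusting deposit path described above and a balance-delta version. The contract names, the _forwardToProvider stand-in for _executeProviderAction, the share accounting, and the OpenZeppelin 4.x imports are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Assumes OpenZeppelin Contracts 4.x is installed.
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Constructed test token: burns 1% of every transfer (deflationary / fee-on-transfer).
contract FeeToken is ERC20 {
    constructor() ERC20("Fee Token", "FEE") {
        _mint(msg.sender, 1_000_000e18);
    }

    function _transfer(address from, address to, uint256 amount) internal override {
        uint256 fee = amount / 100;          // 1% fee, burned
        _burn(from, fee);
        super._transfer(from, to, amount - fee); // recipient gets 99%
    }
}

/// Hypothetical vault (not Fuji's BaseVault). `provider` stands in for the lending
/// provider that BaseVault reaches through _executeProviderAction(..., "deposit", ...).
contract FeeOnTransferSafeVault {
    using SafeERC20 for IERC20;

    IERC20 public immutable asset;
    address public immutable provider;
    mapping(address => uint256) public shares; // 1 share per asset unit, for brevity
    uint256 public totalShares;

    error ZeroReceived();

    constructor(IERC20 asset_, address provider_) {
        asset = asset_;
        provider = provider_;
    }

    /// VULNERABLE pattern (the one described in the report): trusts `assets` even
    /// though a fee-on-transfer token delivers less than `assets` to the vault.
    function depositUnsafe(uint256 assets, address receiver) external {
        asset.safeTransferFrom(msg.sender, address(this), assets); // vault gets 0.99 * assets
        shares[receiver] += assets;   // over-credits the depositor
        totalShares += assets;
        _forwardToProvider(assets);   // reverts: vault balance < assets
    }

    /// HARDENED pattern: measure the balance delta and use it everywhere downstream.
    function deposit(uint256 assets, address receiver) external returns (uint256 received) {
        uint256 before = asset.balanceOf(address(this));
        asset.safeTransferFrom(msg.sender, address(this), assets);
        received = asset.balanceOf(address(this)) - before; // what actually arrived
        if (received == 0) revert ZeroReceived();

        shares[receiver] += received;  // credit only what was received
        totalShares += received;
        _forwardToProvider(received);  // succeeds: vault holds at least `received`
    }

    /// Stand-in for the provider deposit. BaseVault delegatecalls the provider, which
    /// moves `amount` of asset into the lending protocol; here that is a plain transfer.
    function _forwardToProvider(uint256 amount) internal {
        asset.safeTransfer(provider, amount);
    }
}
```

Two caveats when adopting the balance-delta pattern. First, the fee is charged again on the vault-to-provider hop, so the provider credits the vault with less than `received`; any accounting that matters should come from what the provider reports, not from the delta alone. Second, the before/after measurement is only sound if the token transfer cannot re-enter the vault (ERC777-style hooks), so pair it with a reentrancy guard.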
Title
Lack of support for fee-on-transfer tokens
Affected smart contract
https://github.com/Fujicracy/fuji-v2/blob/1b939ec84af137db430fc2aa1b4c6f15e5254003/packages/protocol/src/abstracts/BaseVault.sol#L546-L547