GalloDaSballo / Apollon-Review

Notes for the Apollon Solo Security Review

Incompatibility with tokens that charge a fee on transfer #35

Open GalloDaSballo opened 3 months ago

GalloDaSballo commented 3 months ago

Impact

The system stores balances in storage and then updates them.

Some tokens will charge a fee on transfer, meaning that the _amount stored in the StoragePool will be higher than the actual balance received.

https://github.com/blkswnStudio/ap/blob/8fab2b32b4f55efd92819bd1d0da9bed4b339e87/packages/contracts/contracts/BorrowerOperations.sol#L841-L851

  function _poolAddColl(
    address _borrower,
    IStoragePool _pool,
    address _collAddress,
    uint _amount,
    PoolType _poolType
  ) internal {
    _pool.addValue(_collAddress, true, _poolType, _amount);
    IERC20(_collAddress).transferFrom(_borrower, address(_pool), _amount); /// @audit FOT / SafeTransfer
  }

These types of tokens are pretty rare, but this is a very common finding that you should think about.

Mitigation

IMO, acknowledge this and make sure not to use these tokens.
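
One way to enforce the "do not use these tokens" decision on-chain, as an added example that is not from the issue or the Apollon code base: compare the pool's token balance before and after the transfer and revert when the amount received differs from `_amount`. The interfaces, the `PoolType` members, the error names and `_poolAddCollChecked` are assumptions made for illustration; only the `addValue` call shape is taken from the snippet above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal interfaces declared inline so the example is self-contained (assumptions).
interface IERC20Like {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Placeholder members; the real enum is not shown on the page.
enum PoolType { PlaceholderA, PlaceholderB }

// Mirrors only the call visible in the reviewed snippet; parameter names are assumed.
interface IStoragePoolLike {
    function addValue(address token, bool isColl, PoolType poolType, uint256 amount) external;
}

error TransferFailed(address token);
error FeeOnTransferNotSupported(address token, uint256 expected, uint256 received);

abstract contract CollateralIntake {
    function _poolAddCollChecked(
        address _borrower,
        IStoragePoolLike _pool,
        address _collAddress,
        uint256 _amount,
        PoolType _poolType
    ) internal {
        IERC20Like token = IERC20Like(_collAddress);
        uint256 balanceBefore = token.balanceOf(address(_pool));

        // Same order as the reviewed code: book the amount, then pull the tokens.
        _pool.addValue(_collAddress, true, _poolType, _amount);

        // Reject tokens that signal failure by returning false instead of reverting.
        // Tokens that return no data at all need a SafeERC20-style wrapper,
        // which this sketch leaves out.
        if (!token.transferFrom(_borrower, address(_pool), _amount)) {
            revert TransferFailed(_collAddress);
        }

        // A fee-on-transfer token delivers less than _amount. Reverting here
        // rolls back the addValue above, so storage never exceeds the real balance.
        uint256 received = token.balanceOf(address(_pool)) - balanceBefore;
        if (received != _amount) {
            revert FeeOnTransferNotSupported(_collAddress, _amount, received);
        }
    }
}
```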