code-423n4 / 2021-05-88mph-findings


Incompatibility with deflationary / fee-on-transfer tokens #16

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

cmichel

Vulnerability details

The DInterest.deposit function takes a depositAmount parameter but this parameter is not the actual transferred amount for fee-on-transfer / deflationary (or other rebasing) tokens.

Impact

The actual deposited amount might be lower than the specified depositAmount of the function parameter. This would lead to wrong interest rate calculations on the principal.

Recommended Mitigation Steps

Transfer the tokens first and compare pre-/after token balances to compute the actual deposited amount.
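
The balance-difference pattern recommended above, as an added example that is not part of the original issue and is not 88mph's code. The contract `BalanceDiffDeposit`, the `principal` mapping, the `stablecoin` name and the lock are hypothetical; it assumes Solidity 0.8 and a token whose `transferFrom` returns a bool.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC-20 surface needed for the example.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical pool (not DInterest): shows only the deposit accounting.
contract BalanceDiffDeposit {
    IERC20 public immutable stablecoin;           // assumed name for the deposit token
    mapping(address => uint256) public principal; // principal credited per depositor
    bool private locked;                          // simple reentrancy lock

    constructor(IERC20 _stablecoin) {
        stablecoin = _stablecoin;
    }

    function deposit(uint256 depositAmount) external returns (uint256 received) {
        // Token callbacks must not re-enter between the two balance reads,
        // otherwise the measured difference could be counted twice.
        require(!locked, "reentrant call");
        locked = true;

        uint256 balanceBefore = stablecoin.balanceOf(address(this));
        // Tokens that return no value need a safe-transfer wrapper instead.
        require(
            stablecoin.transferFrom(msg.sender, address(this), depositAmount),
            "transferFrom failed"
        );
        uint256 balanceAfter = stablecoin.balanceOf(address(this));

        // What actually arrived: below depositAmount for fee-on-transfer tokens.
        // Checked arithmetic in 0.8 reverts if the balance went down.
        received = balanceAfter - balanceBefore;
        require(received > 0, "nothing received");

        // Credit the measured amount, never the caller-supplied parameter,
        // so interest is computed on the real principal.
        principal[msg.sender] += received;

        locked = false;
    }
}
```

This measures fees taken at transfer time only; a token whose balances rebase after the deposit can still drift from the recorded principal.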

ZeframLou commented 3 years ago

While this is true, we have no plans to support fee-on-transfer or rebasing tokens.