code-423n4 / 2021-07-sherlock-findings


Deposits don't work with fee-on transfer tokens #111

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

cmichel

Vulnerability details

There are ERC20 tokens that may make certain customizations to their ERC20 contracts. Some tokens charge a certain fee for every transfer() or transferFrom(). Other types are rebasing tokens that increase in value over time, like Aave's aTokens (balanceOf changes over time).

Impact

The PoolBase.depositProtocolBalance() function will introduce unexpected balance inconsistencies when comparing internal asset records with external ERC20 token contracts. The protocol's protocolBalance will include the paid fees which have not been received. At some point, trying to pay out premiums will revert as the true underlying tokens are less than what's stored in protocolBalance.

Recommended Mitigation Steps

One possible mitigation is to measure the asset change right before and after the asset-transferring routines.
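The balance-delta mitigation described above, as an added Solidity example that is not part of the finding or of the Sherlock code base. The contract names, the `protocol` key, and the `FeeToken` helper are constructed for illustration; `depositVulnerable` shows the pattern the finding warns about (crediting the caller-supplied amount) and `depositSafe` credits only what the pool actually received.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC20 surface needed here (hypothetical; not the project's own interface).
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical pool contract illustrating the finding. `protocolBalance` mirrors the
// report's wording but the contract is not the project's code.
contract PoolBalanceExample {
    IERC20 public immutable token;
    mapping(bytes32 => uint256) public protocolBalance;

    constructor(IERC20 _token) {
        token = _token;
    }

    // Vulnerable pattern: trusts the caller-supplied `amount`. With a fee-on-transfer
    // token the pool receives less than `amount`, so `protocolBalance` overstates the
    // true holdings and a later payout of the recorded balance can revert.
    function depositVulnerable(bytes32 protocol, uint256 amount) external {
        require(token.transferFrom(msg.sender, address(this), amount), "transfer failed");
        protocolBalance[protocol] += amount;
    }

    // Mitigated pattern: snapshot the pool's balance before and after the transfer and
    // credit only the observed delta. This handles fee-on-transfer tokens; rebasing
    // tokens still need separate accounting because balanceOf drifts between calls.
    function depositSafe(bytes32 protocol, uint256 amount) external returns (uint256 received) {
        uint256 before = token.balanceOf(address(this));
        require(token.transferFrom(msg.sender, address(this), amount), "transfer failed");
        uint256 after_ = token.balanceOf(address(this)); // `after` is a reserved word
        received = after_ - before;
        protocolBalance[protocol] += received;
    }
}

// Constructed fee-on-transfer token for exercising the two paths above (test helper
// only, not a real token): 1% of every transferFrom is burned, so the recipient
// receives 99% of `amount`.
contract FeeToken is IERC20 {
    mapping(address => uint256) public override balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    uint256 public constant FEE_BPS = 100; // 1% in basis points

    function mint(address to, uint256 amount) external {
        balanceOf[to] += amount;
    }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external override returns (bool) {
        require(allowance[from][msg.sender] >= amount, "allowance");
        require(balanceOf[from] >= amount, "balance");
        allowance[from][msg.sender] -= amount;
        uint256 fee = (amount * FEE_BPS) / 10_000;
        balanceOf[from] -= amount;
        balanceOf[to] += amount - fee; // the fee is burned
        return true;
    }
}
```

Depositing 1,000 units of `FeeToken` through `depositVulnerable` records 1,000 while the pool holds 990; through `depositSafe` it records the 990 actually received, so internal accounting and the external token balance stay consistent.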

Evert0x commented 3 years ago

12