code-423n4 / 2021-07-sherlock-findings


Transfer-on-fee/deflationary tokens are not correctly accounted for #143

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

shw

Vulnerability details

Impact

When a user stakes or a protocol deposits a transfer-on-fee/deflationary token, the solution does not correctly handle the received amount, which could be less than what is accounted for.

Proof of Concept

Referenced code: PoolOpen.sol#L36-L38 PoolBase.sol#L270-L271

Recommended Mitigation Steps

Get the actual received amount by calculating the difference in token balance before and after the transfer. For example, re-writing lines 36-38 of PoolOpen as follows:

// Snapshot the pool's balance, pull the tokens, then measure what actually arrived.
uint256 balanceBefore = _token.balanceOf(address(this));
_token.safeTransferFrom(msg.sender, address(this), _amount);
uint256 receivedAmount = _token.balanceOf(address(this)) - balanceBefore;

// Credit the staker with the received amount, not the requested `_amount`.
lock = LibPool.stake(ps, receivedAmount, _receiver);
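
As an added illustration, not code from the Sherlock repository or from the finding's author, the Solidity sketch below pairs the pattern the finding describes with the suggested fix: a constructed ERC20-like token that burns a 1% fee on every transfer, a pool that credits `_amount` as written, and a pool that credits the measured balance delta. All contract and function names (FeeOnTransferToken, NaivePool, SafePool, Demo) are invented for the example, and it assumes Solidity 0.8 checked arithmetic.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed test token (not a real deployment): burns a 1% fee on every
// transferFrom, so the recipient is credited with less than `amount`.
contract FeeOnTransferToken {
    uint256 public constant FEE_BPS = 100; // 1% in basis points
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    constructor(uint256 supply) { balanceOf[msg.sender] = supply; }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        require(allowance[from][msg.sender] >= amount, "allowance");
        require(balanceOf[from] >= amount, "balance");
        allowance[from][msg.sender] -= amount;
        uint256 fee = amount * FEE_BPS / 10_000;
        balanceOf[from] -= amount;
        balanceOf[to] += amount - fee; // the fee is burned, never reaches `to`
        return true;
    }
}

interface IToken {
    function balanceOf(address) external view returns (uint256);
    function transferFrom(address, address, uint256) external returns (bool);
}

// Vulnerable pattern: records `_amount` regardless of how much arrived.
contract NaivePool {
    IToken public immutable token;
    mapping(address => uint256) public staked;
    uint256 public totalStaked;

    constructor(IToken _token) { token = _token; }

    function stake(uint256 _amount) external {
        require(token.transferFrom(msg.sender, address(this), _amount), "transfer");
        staked[msg.sender] += _amount; // over-credits by the fee
        totalStaked += _amount;
    }
}

// Hardened pattern from the finding: credit only the measured balance delta.
contract SafePool {
    IToken public immutable token;
    mapping(address => uint256) public staked;
    uint256 public totalStaked;

    constructor(IToken _token) { token = _token; }

    function stake(uint256 _amount) external {
        uint256 before = token.balanceOf(address(this));
        require(token.transferFrom(msg.sender, address(this), _amount), "transfer");
        uint256 received = token.balanceOf(address(this)) - before;
        staked[msg.sender] += received; // matches what the pool really holds
        totalStaked += received;
    }
}

// Drives both pools with the fee token so the accounting gap is observable.
contract Demo {
    function run() external returns (uint256 naiveCredit, uint256 safeCredit, uint256 naiveHoldings) {
        FeeOnTransferToken t = new FeeOnTransferToken(2000e18); // Demo holds the supply
        NaivePool naive = new NaivePool(IToken(address(t)));
        SafePool safe = new SafePool(IToken(address(t)));
        t.approve(address(naive), 1000e18);
        t.approve(address(safe), 1000e18);
        naive.stake(1000e18);
        safe.stake(1000e18);
        naiveCredit = naive.totalStaked();          // what the naive pool thinks it holds
        safeCredit = safe.totalStaked();            // what the delta-based pool recorded
        naiveHoldings = t.balanceOf(address(naive)); // what the naive pool actually holds
    }
}
```

Deploying Demo on any EVM test node and calling run() shows the gap the finding describes: the naive pool records 1000e18 staked while its token balance is 990e18, so the difference is owed to stakers but was never received, whereas the delta-based pool records 990e18. Two caveats that go beyond the finding: the before/after measurement must sit in the same non-reentrant call as the transfer (a token with transfer hooks, or a second deposit landing mid-transfer, would distort the delta), and it does not protect against rebasing tokens whose balances change between calls.
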

Evert0x commented 3 years ago

12