Clearwood
commented
3 years ago Non support of non standard tokens does not constitute a bug
Closed code423n4 closed 3 years ago
Clearwood
commented
3 years ago Non support of non standard tokens does not constitute a bug
ghoul-sol
commented
3 years ago per sponsor comment, invalid
Handle
0xRajeev
Vulnerability details
Impact
Deflationary tokens deduct a fee in transfers which causes their amount transferred to be less than that specified. It is not clear that the auction contracts plan to support such tokens as payment currency (via a whitelist for e.g.) because the implemented logic does not calculate the before-and-after balances to account for such tokens.
Proof of Concept
https://github.com/sushiswap/miso/blob/2cdb1486a55ded55c81898b7be8811cb68cfda9e/contracts/Auctions/BatchAuction.sol#L223-L224
https://github.com/sushiswap/miso/blob/2cdb1486a55ded55c81898b7be8811cb68cfda9e/contracts/Auctions/Crowdsale.sol#L279-L280
https://github.com/sushiswap/miso/blob/2cdb1486a55ded55c81898b7be8811cb68cfda9e/contracts/Auctions/DutchAuction.sol#L316-L317
https://github.com/sushiswap/miso/blob/2cdb1486a55ded55c81898b7be8811cb68cfda9e/contracts/Auctions/HyperbolicAuction.sol#L315-L316
Tools Used
Manual Analysis
Recommended Mitigation Steps
Add logic to support such tokens or document the non-support warning.