Open code423n4 opened 3 years ago
Same as #62 & #13 in my opinion
Agree with finding, checking actual balance of contract would mitigate vulnerability
Additionally ensuring the protocol never uses rebasing or tokens with feeOnTransfer
can be enough to mitigate
The vulnerability can brick the protocol
However it can be sidestepped by simply not using feeOnTransfer
tokens
Downgrading to medium
Handle
cmichel
Vulnerability details
There are ERC20 tokens that may make certain customizations to their ERC20 contracts. One type of these tokens is deflationary tokens that charge a certain fee for every
transfer()
ortransferFrom()
. Others are rebasing tokens that increase in value over time like Aave's aTokens (balanceOf
changes over time).Impact
The
VaultHelper
'sdepositVault()
anddepositMultipleVault
functions transfer_amount
tothis
contract usingIERC20(_token).safeTransferFrom(msg.sender, address(this), _amount);
. This could have a fee, and less than_amount
ends up in the contract. The next actual vault deposit usingIVault(_vault).deposit(_token, _amount);
will then try to transfer more than thethis
contract actually has and will revert the transaction.Recommended Mitigation Steps
One possible mitigation is to measure the asset change right before and after the asset-transferring routines. This is already done correctly in the
Vault.deposit
function.