code-423n4 / 2022-01-elasticswap-findings


Lack of feeOnTransfer check for quoteTokens #139

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

UncleGrandpa925

Vulnerability details

Impact

This issue impacts any pools that use fee-on-transfer quoteTokens.

In addLiquidity, the check for feeOnTransfer was only for baseToken and not for quoteToken, so a pool with feeOnTransfer quoteTokens can still be created and have liquidity added to it. This will lead to the actual reserve of those pools being smaller than the internalReserve and, eventually, to many undefined behaviors.

Recommended Mitigation Steps

A check for feeOnTransfer should be added.
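One way to implement a fee-on-transfer check that covers both tokens, shown as an added example that is not ElasticSwap's code and not part of the original report. The contract `CheckedDeposit`, the helper `_pullExact`, the error name and the reserve variables are hypothetical, and both tokens are assumed to return a bool from `transferFrom`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Minimal ERC-20 surface needed for the check.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical pool fragment: pulls both tokens and rejects any token whose
// received amount differs from the requested amount, so the internal reserves
// can never exceed the balances the contract actually holds.
contract CheckedDeposit {
    IERC20 public immutable baseToken;
    IERC20 public immutable quoteToken;
    uint256 public baseReserve;  // internal accounting for baseToken
    uint256 public quoteReserve; // internal accounting for quoteToken

    error FeeOnTransferNotSupported(address token, uint256 requested, uint256 received);

    constructor(IERC20 base, IERC20 quote) {
        baseToken = base;
        quoteToken = quote;
    }

    // Measure the balance before and after the pull; a fee-on-transfer token
    // delivers less than `amount`, which makes the two values disagree.
    function _pullExact(IERC20 token, address from, uint256 amount) private returns (uint256) {
        uint256 balanceBefore = token.balanceOf(address(this));
        require(token.transferFrom(from, address(this), amount), "transferFrom failed");
        uint256 received = token.balanceOf(address(this)) - balanceBefore;
        if (received != amount) {
            revert FeeOnTransferNotSupported(address(token), amount, received);
        }
        return received;
    }

    // The same check runs for baseToken and quoteToken; a revert on either
    // one undoes the whole deposit, including the other token's transfer.
    function deposit(uint256 baseAmount, uint256 quoteAmount) external {
        baseReserve += _pullExact(baseToken, msg.sender, baseAmount);
        quoteReserve += _pullExact(quoteToken, msg.sender, quoteAmount);
    }
}
```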

0xean commented 2 years ago

We don't support FOT as explicitly called out in the contest readme.

GalloDaSballo commented 2 years ago

I believe the sponsor made it clear that they wouldn't target feeOnTransfer tokens; as such, I am marking this as invalid.