code-423n4 / 2022-02-anchor-findings


`CrossAnchorBridge` does not handle fee-on-transfer tokens correctly #68

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-02-anchor/blob/main/contracts/cross-chain-contracts/ethereum/CrossAnchorBridge.sol#L183-L201

Vulnerability details

Impact

The `handleToken` function of `CrossAnchorBridge` does not correctly handle the received amount of fee-on-transfer tokens. For fee-on-transfer tokens (e.g., USDT), the received amount could be less than the requested amount because of the deducted fee. As a result, the subsequent call to the Wormhole token bridge will fail because the anchor bridge does not own that many tokens, causing the whole transaction to revert.

Proof of Concept

Referenced code:

ethereum/CrossAnchorBridge.sol#L183-L201

Recommended Mitigation Steps

If the anchor bridge is supposed to support fee-on-transfer tokens, get the real received amount by calculating the balance difference before and after the transfer.
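The balance-difference measurement recommended above, as an added example that is not part of the original report and is not code from `CrossAnchorBridge.sol`. The contract name, `pullTokens`, `downstreamBridge` and the event are hypothetical; `downstreamBridge` stands in for whatever spender is approved after the deposit.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration; every name below is hypothetical.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
}

contract BalanceDiffDeposit {
    address public immutable downstreamBridge; // assumed spender of the deposited tokens

    event Deposited(address indexed token, address indexed from, uint256 requested, uint256 received);

    constructor(address _downstreamBridge) {
        downstreamBridge = _downstreamBridge;
    }

    // Pulls `amount` from the caller and returns what actually arrived.
    // Any later bridge call must use `received`, never the requested `amount`.
    function pullTokens(address token, uint256 amount) external returns (uint256 received) {
        uint256 beforeBal = IERC20(token).balanceOf(address(this));
        _call(token, abi.encodeWithSelector(IERC20.transferFrom.selector, msg.sender, address(this), amount));
        // Checked arithmetic (Solidity 0.8) reverts if the balance somehow decreased.
        received = IERC20(token).balanceOf(address(this)) - beforeBal;
        require(received > 0, "nothing received");
        // Approve only what this contract holds from this deposit.
        _call(token, abi.encodeWithSelector(IERC20.approve.selector, downstreamBridge, received));
        emit Deposited(token, msg.sender, amount, received);
    }

    // Low-level call that accepts tokens returning a bool as well as tokens
    // returning no data, and rejects addresses with no contract code.
    function _call(address token, bytes memory data) private {
        require(token.code.length > 0, "not a contract");
        (bool ok, bytes memory ret) = token.call(data);
        require(ok && (ret.length == 0 || abi.decode(ret, (bool))), "token call failed");
    }
}
```

A token with transfer hooks can re-enter during `transferFrom`, so a balance-difference measurement like this one should sit behind a reentrancy guard.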

albertchon commented 2 years ago

Changed severity to QA since it's not a security vulnerability to implicitly disallow fee-on-transfer tokens.