code-423n4 / 2022-04-backd-findings


Fee on transfer tokens aren't supported by StakerVault's stakeFor #213

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/StakerVault.sol#L340

Vulnerability details

Impact

If the token is fee-on-transfer, stakeFor will be unavailable: the strict equality used as the deposit funds transfer success condition will not be met whenever the fee is positive.

Setting the severity to medium as the core functions become unavailable in this case.

Proof of Concept

StakerVault's stakeFor requires balance difference to be strictly equal to the amount sent:

https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/StakerVault.sol#L340

Recommended Mitigation Steps

Cannot simply remove the condition or replace equality with >=, as == now protects from reentrancy:

https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/StakerVault.sol#L338

So the recommendation is to add a nonReentrant kind of modifier and remove the condition if fee-on-transfer tokens are in scope.
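The strict-equality pattern from the report next to a guarded variant, as an added example that is not part of the original report and is not the StakerVault source. `MiniVault`, `stakeForStrict` and `stakeForGuarded` are hypothetical names, and crediting the measured balance delta instead of `amount` is an assumption of this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal interface; only the calls this example needs.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical vault for illustration; not the StakerVault source.
contract MiniVault {
    IERC20 public immutable token;
    mapping(address => uint256) public staked;
    uint256 private _locked = 1; // 1 = unlocked, 2 = entered

    constructor(IERC20 token_) {
        token = token_;
    }

    // Simple lock, standing in for a nonReentrant kind of modifier.
    modifier nonReentrant() {
        require(_locked == 1, "reentrant call");
        _locked = 2;
        _;
        _locked = 1;
    }

    // Strict-equality pattern described in the report: a token that keeps
    // a fee delivers received < amount, so this reverts on every call.
    function stakeForStrict(address account, uint256 amount) external {
        uint256 balanceBefore = token.balanceOf(address(this));
        require(token.transferFrom(msg.sender, address(this), amount), "transfer failed");
        uint256 received = token.balanceOf(address(this)) - balanceBefore;
        require(received == amount, "unexpected amount");
        staked[account] += amount;
    }

    // Guarded variant: the lock takes over the reentrancy protection the
    // report attributes to ==, and the vault credits what actually arrived.
    function stakeForGuarded(address account, uint256 amount) external nonReentrant {
        uint256 balanceBefore = token.balanceOf(address(this));
        require(token.transferFrom(msg.sender, address(this), amount), "transfer failed");
        uint256 received = token.balanceOf(address(this)) - balanceBefore;
        require(received > 0, "nothing received");
        staked[account] += received;
    }
}
```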

chase-manning commented 2 years ago

The tokens that are staked are Backd LP Tokens. Backd LP Tokens do not have any fee on transfer type properties, so this vulnerability is not possible.