code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-05-backd/blob/2a5664d35cde5b036074edef3c1369b984d10010/protocol/contracts/tokenomics/FeeBurner.sol#L70 https://github.com/code-423n4/2022-05-backd/blob/2a5664d35cde5b036074edef3c1369b984d10010/protocol/contracts/zaps/PoolMigrationZap.sol#L58

Vulnerability details

As arbitrary ERC20 tokens can be passed, the amount here should be calculated every time to take into consideration a possible fee-on-transfer or deflation. Also, it's a good practice for the future of the solution.

Affected code:

File: PoolMigrationZap.sol:

52:     function migrate(address oldPoolAddress_) public override {
...
58:         lpToken_.safeTransferFrom(msg.sender, address(this), lpTokenAmount_); //@audit FoT Tokens not supported
...
65:     }

File: VE3DRewardPool.sol

File: FeeBurner.sol
43:     function burnToTarget(address[] memory tokens_, address targetLpToken_)
...
48:     {
...
70:             token_.safeTransferFrom(msg.sender, address(this), tokenBalance_); //@audit FoT Tokens not supported
...
88:     }

Recommended Mitigation Steps

Use the balance before and after the transfer to calculate the received amount instead of assuming that it would be equal to the amount passed as a parameter.

chase-manning commented 2 years ago

We do not support fee on transfer tokens

GalloDaSballo commented 2 years ago

Dup of #167

code-423n4 / 2022-05-backd-findings

Consistently check account balance before and after transfers for Fee-On-Transfer discrepancies #165

Lines of code

Vulnerability details

Recommended Mitigation Steps