code-423n4 / 2022-05-cally-findings


Inconsistent balance when depositing fee-on-transfer tokens #238

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L200

Vulnerability details

Impact

There are ERC20 tokens that may make certain customizations to their ERC20 contracts. One type of these tokens is deflationary tokens that charge a certain fee for every transfer() or transferFrom().

Proof of Concept

The Cally.createVault() function will credit more ERC20 deposits than the contract actually received:

Cally.sol#L200

Tools Used

Manual review

Recommended mitigation steps

As the vault owner can use any ERC20 token as the underlying asset, make sure the contract supports fee-on-transfer tokens.

Get the actual received amount by calculating the difference of token balance before and after the transfer and use this value for Vault.tokenIdOrAmount.
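The balance-delta pattern recommended above, as an added illustration that is not Cally's code and not part of the original finding. `BalanceDeltaVault`, its `Vault` struct, the function names and the `FeeToken` mock are all hypothetical; the mock is there only so the naive and hardened deposit paths can be compared against a token that really does take a fee on `transferFrom`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Minimal ERC20 surface needed for the example (no external dependency).
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// @notice Constructed fee-on-transfer token: 1% of every transfer is burned,
///         so the recipient receives less than the amount passed to transferFrom.
contract FeeToken is IERC20 {
    mapping(address => uint256) public override balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    constructor(address holder, uint256 supply) {
        balanceOf[holder] = supply;
    }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external override returns (bool) {
        allowance[from][msg.sender] -= amount; // reverts on insufficient allowance (0.8 checked math)
        balanceOf[from] -= amount;             // reverts on insufficient balance
        uint256 fee = amount / 100;            // 1% fee, never credited to `to`
        balanceOf[to] += amount - fee;
        return true;
    }
}

/// @notice Hypothetical vault showing the naive credit beside the balance-delta credit.
contract BalanceDeltaVault {
    struct Vault {
        address token;
        uint256 tokenIdOrAmount; // for ERC20 vaults: the amount this contract actually holds
    }

    uint256 public nextVaultId = 1;
    mapping(uint256 => Vault) public vaults;

    /// @dev Naive deposit: credits the caller-supplied `amount`. With FeeToken the
    ///      vault records 100 while only 99 arrived, the inconsistency in the finding.
    function createVaultNaive(address token, uint256 amount) external returns (uint256 id) {
        require(IERC20(token).transferFrom(msg.sender, address(this), amount), "transfer failed");
        id = nextVaultId++;
        vaults[id] = Vault({token: token, tokenIdOrAmount: amount});
    }

    /// @dev Hardened deposit: measure the contract's balance before and after the
    ///      transfer and credit only the difference. With FeeToken this records 99.
    function createVault(address token, uint256 amount) external returns (uint256 id) {
        uint256 balanceBefore = IERC20(token).balanceOf(address(this));
        require(IERC20(token).transferFrom(msg.sender, address(this), amount), "transfer failed");
        // Checked subtraction: a token that somehow lowers our balance during the
        // transfer makes this revert instead of wrapping around.
        uint256 received = IERC20(token).balanceOf(address(this)) - balanceBefore;
        require(received > 0, "nothing received");
        id = nextVaultId++;
        vaults[id] = Vault({token: token, tokenIdOrAmount: received});
    }
}
```

Two caveats a practitioner would want alongside this pattern. First, the `require` on the returned `bool` rejects tokens whose `transferFrom` returns nothing (USDT-style); a production contract would use a safe-transfer helper such as solmate's `SafeTransferLib` or OpenZeppelin's `SafeERC20` for the call itself, and the balance-delta measurement wraps unchanged around that helper. Second, the delta is measured across an external call into an untrusted token, so a token with transfer hooks (ERC777) can re-enter between the two `balanceOf` reads; guarding `createVault` with a reentrancy lock keeps the recorded amount from being influenced by a nested deposit.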

outdoteth commented 2 years ago

reference issue: https://github.com/code-423n4/2022-05-cally-findings/issues/39