code-423n4 / 2022-05-factorydao-findings


Upgraded Q -> M from 198 [1654952432267] #288

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Judge has assessed an item in Issue #198 as Medium risk. The relevant finding follows:

gititGoro commented 2 years ago

The following issue originally submitted as QA is a bug


Title: PermissionlessBasicPoolFactory.sol tokens with fee on transfer are not supported

Impact

There are ERC20 tokens that charge a fee for every transfer() or transferFrom(). In the current implementation, PermissionlessBasicPoolFactory.sol assumes that the received amount is the same as the transfer amount, and uses it to calculate rewards. As a result, in withdraw(), later users may not be able to successfully withdraw their tokens, as it may revert at L230 for insufficient balance. https://github.com/code-423n4/2022-05-factorydao/blob/main/contracts/PermissionlessBasicPoolFactory.sol#L230

Recommended Mitigation Steps

Consider comparing before and after balance to get the actual transferred amount.
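
The recommended before/after balance comparison, as an added example that is not part of the original finding and is not code from PermissionlessBasicPoolFactory.sol. The contract `BalanceDeltaPool` and all of its names are hypothetical; it assumes a single deposit token and no reward logic.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

// Minimal ERC20 surface needed for the example.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical single-token pool (assumption), not the audited contract.
contract BalanceDeltaPool {
    IERC20 public immutable depositToken;
    // Amount credited to each depositor: tokens the pool actually received.
    mapping(address => uint256) public deposited;

    constructor(IERC20 token) {
        depositToken = token;
    }

    function deposit(uint256 amount) external returns (uint256 received) {
        uint256 balanceBefore = depositToken.balanceOf(address(this));
        require(
            depositToken.transferFrom(msg.sender, address(this), amount),
            "transferFrom failed"
        );
        // Credit the measured delta instead of `amount`: a fee-on-transfer
        // token delivers less than the amount requested.
        received = depositToken.balanceOf(address(this)) - balanceBefore;
        require(received > 0, "nothing received");
        deposited[msg.sender] += received;
    }

    function withdraw() external {
        uint256 owed = deposited[msg.sender];
        require(owed > 0, "no deposit");
        deposited[msg.sender] = 0; // clear state before the external call
        // With a fee-on-transfer token, the credited total never exceeds what
        // the pool received, so a later withdrawer is not left short because
        // of fees charged on earlier deposits.
        require(depositToken.transfer(msg.sender, owed), "transfer failed");
    }
}
```

Measuring a balance delta across an external call should be paired with a reentrancy guard when the token can call back into the pool during transferFrom().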


gititGoro commented 2 years ago

duplicate of https://github.com/code-423n4/2022-05-factorydao-findings/issues/34