compatTransfer function doesn't handle all non-compliant ERC20 tokens (Deflationary tokens). Due to this, loss of funds may occur
Lines of code
https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/utils/LibERC20Compat.sol#L12
Vulnerability details
Impact
The compatTransfer function doesn't handle all non-compliant ERC20 tokens (deflationary tokens). Due to this, loss of funds may occur.
During a transfer of deflationary tokens, a small fee is deducted. So if the contract doesn't keep track of this, less than the intended amount will be transferred. In this case, compatTransfer doesn't do that.
Proof of Concept
https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/utils/LibERC20Compat.sol#L12
Tools Used
Manual review
Recommended Mitigation Steps
Check the token balance before and after the transfer to confirm whether the intended amount of the transferred token was actually deposited.
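The balance check recommended above, sketched as an added example. This is not code from the PartyDAO repository; the library name LibMeasuredTransfer, its two functions and its errors are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Minimal interface; only what this example needs.
interface IERC20Min {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical library (not LibERC20Compat): measures what the recipient
// actually received instead of trusting the requested amount.
library LibMeasuredTransfer {
    error TransferFailed();
    error ShortTransfer(uint256 requested, uint256 received);

    // Sends `amount` and returns the recipient's real balance increase.
    function measuredTransfer(IERC20Min token, address to, uint256 amount)
        internal
        returns (uint256 received)
    {
        uint256 balanceBefore = token.balanceOf(to);

        // Low-level call so tokens that return no data (instead of bool) still work.
        (bool ok, bytes memory ret) = address(token).call(
            abi.encodeCall(IERC20Min.transfer, (to, amount))
        );
        if (!ok || (ret.length != 0 && !abi.decode(ret, (bool)))) {
            revert TransferFailed();
        }

        // A deflationary (fee-on-transfer) token credits less than `amount`.
        // Checked arithmetic reverts if the balance somehow decreased.
        received = token.balanceOf(to) - balanceBefore;
    }

    // Strict variant: reject any token that delivers less than requested.
    function exactTransfer(IERC20Min token, address to, uint256 amount) internal {
        uint256 received = measuredTransfer(token, to, amount);
        if (received < amount) revert ShortTransfer(amount, received);
    }
}
```

Callers that must support deflationary tokens would use the returned value for their own accounting; callers that cannot tolerate a shortfall would use the strict variant.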