code-423n4 / 2022-12-Stealth-Project-findings


Incompatibility With Rebasing/Deflationary/Inflationary tokens #94

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2022-12-Stealth-Project/blob/fc8589d7d8c1d8488fd97ccc46e1ff11c8426ac2/maverick-v1/contracts/models/Pool.sol#L300

Vulnerability details

Impact

The Maverick AMM does not appear to support rebasing/deflationary/inflationary tokens whose balance changes during transfers or over time. The necessary checks include at least verifying the amount of tokens transferred to contracts before and after the actual transfer to infer any fees/interest.

Tools Used

Manual Code Review

Recommended Mitigation Steps

Maverick AMM can note in the project description or on the website that those tokens are not supported. If similar tokens are planned to be supported:

kirk-baird commented 1 year ago

This issue does not sufficiently describe any exploit paths or how rebasing tokens / FoT tokens can cause a loss of funds.

c4-judge commented 1 year ago

kirk-baird marked the issue as unsatisfactory: Invalid
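The before/after balance check named in the issue's Impact section, written out as an added example that is not part of the original thread and is not code from the Maverick repository. `BalanceDeltaVault`, `deposit`, `minReceived` and `holdings` are hypothetical names, and the token is assumed to return a `bool` from `transferFrom`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC-20 surface needed for this illustration.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical vault that credits depositors with what actually arrived.
contract BalanceDeltaVault {
    IERC20 public immutable token;
    mapping(address => uint256) public credited;
    uint256 public totalCredited;
    bool private locked;

    constructor(IERC20 token_) {
        token = token_;
    }

    // Without a lock, a token with transfer hooks could re-enter between the
    // two balance reads and have the same inflow counted twice.
    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    // Credits the measured balance increase, not the requested `amount`.
    // `minReceived` bounds the transfer fee the caller is willing to absorb.
    function deposit(uint256 amount, uint256 minReceived) external nonReentrant returns (uint256 received) {
        uint256 balanceBefore = token.balanceOf(address(this));
        require(token.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        uint256 balanceAfter = token.balanceOf(address(this));

        // A fee-on-transfer token delivers less than `amount`; record only the difference.
        received = balanceAfter - balanceBefore;
        require(received >= minReceived, "received below minimum");
        credited[msg.sender] += received;
        totalCredited += received;
    }

    // A rebasing token changes balanceOf between calls, so the stored total can
    // diverge from the real balance; comparing the two exposes that drift.
    function holdings() external view returns (uint256 held, uint256 recorded) {
        return (token.balanceOf(address(this)), totalCredited);
    }
}
```

The balance delta only covers fees taken at transfer time. Balance changes from rebasing happen after the deposit, which is why `holdings` reports the held and recorded totals side by side.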