search

code-423n4 / 2023-01-drips-findings

0 stars 2 forks source link

Fee on transfer and rebase tokens are not supported, however docs says that any erc20 is supported #106

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-01-drips/blob/main/src/Drips.sol#L636

Vulnerability details

Impact

Detailed description of the impact of this finding.

Proof of Concept

Docs of protocol say that any erc20 token is supported.

https://v2.docs.drips.network/docs/drips-v2-features#multi-token-support-any-erc20

Drips v2 allows streaming of any ERC20 token.

However it's not like that. In case if fee on transfer tokens or rebasing tokens will be used by protocol then it will stop working normally as Drips contract never checks balances, when doing calculations.

For example, here in case if fee on transfer token is used, balance will be increased with amount without fee. As result balance of ERC20 token will be outdated and next calculations for drips for the receivers will be wrong.

Tools Used

VsCode

Recommended Mitigation Steps

Make your documentation be inline with the code, so users will not use all erc20.

c4-judge commented 1 year ago

GalloDaSballo marked the issue as duplicate of #223

c4-judge commented 1 year ago

GalloDaSballo marked the issue as unsatisfactory: Out of scope