c4-judge
commented
1 year ago dmvt marked the issue as duplicate of #503
Closed c4-judge closed 1 year ago
c4-judge
commented
1 year ago dmvt marked the issue as duplicate of #503
c4-judge
commented
1 year ago dmvt marked the issue as satisfactory
Judge has assessed an item in Issue #92 as 2 risk. The relevant finding follows:
[L-09] ERC4626 does not work with fee-on-transfer tokens Description The ERC4626 deposit/mint functions do not work well with fee-on-transfer tokens as the assets variable is the pre-fee amount, including the fee, whereas the totalAssets do not include the fee anymore.
This can be abused to mint more shares than desired.
Lines of code AdapterBase.sol Vault.sol Recommended Mitigation Steps assets should be the amount excluding the fee (i.e the amount the contract actually received), therefore it's recommended to use the balance change before and after the transfer instead of the amount.