Lines of code
https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/GeVault.sol#L227
https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/GeVault.sol#L235
https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/GeVault.sol#L262
https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/GeVault.sol#L267
https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/TokenisableRange.sol#L228-L229
https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/RangeManager.sol#L95-L102
https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/helper/V3Proxy.sol#L115
https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/helper/V3Proxy.sol#L127
https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/helper/V3Proxy.sol#L164
https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/helper/V3Proxy.sol#L182
Vulnerability details
Impact
Some ERC20 tokens charge a transaction fee on every transfer (used to encourage staking, add to a liquidity pool, pay a fee to the contract owner, etc.). This is not always a problem, but it is one where the same value is passed both to a state variable and to the transfer function, because the contract then stores a value that does not account for the fee.
Proof of Concept
When transferring an ERC20 token that charges a fee, if the same value is used for both the transfer and a state variable, the state variable will store an incorrect amount, as it won't account for the fee. This can lead to discrepancies in balance tracking within the contract.
Tools Used
Manual Review
Recommended Mitigation Steps
Adjust the value passed to state variables to account for transaction fees, ensuring accurate value storage.
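One way to apply this mitigation is to record the measured balance change instead of the requested amount. The contract below is an added illustration, not code from the GoodEntry repository: `FeeAwareVault`, `depositNaive` and `depositMeasured` are hypothetical names, and it assumes a token whose `transferFrom` returns a bool.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Minimal ERC20 surface needed for this example.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical vault used only for illustration; not GoodEntry code.
contract FeeAwareVault {
    IERC20 public immutable token;
    mapping(address => uint256) public deposited;
    uint256 public totalDeposited;

    constructor(IERC20 token_) {
        token = token_;
    }

    // Pattern described in the finding: `amount` is both transferred and
    // recorded, so a token that keeps a fee leaves the vault holding less
    // than `totalDeposited` claims.
    function depositNaive(uint256 amount) external {
        require(token.transferFrom(msg.sender, address(this), amount), "transfer failed");
        deposited[msg.sender] += amount;
        totalDeposited += amount;
    }

    // Records what actually arrived by measuring the balance change
    // around the transfer, so any fee is excluded from the stored value.
    function depositMeasured(uint256 amount) external returns (uint256 received) {
        uint256 balanceBefore = token.balanceOf(address(this));
        require(token.transferFrom(msg.sender, address(this), amount), "transfer failed");
        received = token.balanceOf(address(this)) - balanceBefore;
        require(received > 0, "nothing received");
        deposited[msg.sender] += received;
        totalDeposited += received;
    }
}
```

The measured variant should sit behind a reentrancy guard when the token can call back into the contract during a transfer, since a nested deposit would otherwise be counted in both the inner and the outer balance difference.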
Assessed type
ERC20