c4-submissions commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-09-delegate/blob/a6dbac8068760ee4fc5bababb57e3fe79e5eeb2e/src/libraries/DelegateTokenTransferHelpers.sol#L58

Vulnerability details

Impact

As the developer said Delegate protocol aim to support every tokens. But the Delegate protocol do not appear to support rebasing/deflationary/inflationary tokens whose balance changes during transfers or over time. The necessary checks include at least verifying the amount of tokens transferred to contracts before and after the actual transfer to infer any fees/interest.

Recommended Mitigation Steps

Ensure that to check previous balance/after balance equals to amount for any rebasing/inflation/deflation
If rebasing tokens is not a priority, be sure to document this properly.

Assessed type

ERC20

c4-judge commented 1 year ago

GalloDaSballo marked the issue as duplicate of #257

c4-judge commented 1 year ago

GalloDaSballo changed the severity to QA (Quality Assurance)

c4-judge commented 1 year ago

GalloDaSballo marked the issue as grade-c

GalloDaSballo commented 1 year ago

1L

code-423n4 / 2023-09-delegate-findings

Rebasing tokens not supported #366

Lines of code

Vulnerability details

Impact

Recommended Mitigation Steps

Assessed type