code-423n4 / 2024-05-munchables-findings


Fee-on-Transfer tokens are not handled for the lock function #512

Closed howlbot-integration[bot] closed 3 months ago

howlbot-integration[bot] commented 3 months ago

Lines of code

https://github.com/code-423n4/2024-05-munchables/blob/57dff486c3cd905f21b330c2157fe23da2a4807d/src/managers/LockManager.sol/#L311

Vulnerability details

Impact

lockedToken quantity will be inflated for fee-on-transfer tokens. It will not reflect the real amount.

Proof of Concept

According to the readme, fee-on-transfer token behaviour is in scope. However, fee-on-transfer tokens are not handled in the _lock function:

token.transferFrom(_tokenOwner, address(this), _quantity);

The _lock function expects to receive the full transfer amount (_quantity).

However, the _lock function does not account for tokens that apply a fee on transfer, which will result in the contract receiving less than _quantity in the case of fee-on-transfer tokens.

lockedToken.quantity += _quantity;

The function records the full _quantity without checking if the actual received amount is less due to fees.

Tools Used

Recommended Mitigation Steps

Use balanceOf before and after the transferFrom call to get the real amount of tokens received.

Assessed type

ERC20
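The balance-difference pattern recommended in the finding above, shown next to the crediting pattern it describes. This is an added example, not part of the original submission and not code from the audited repository; LockSketch, lockNaive, lockMeasured and lockedQuantity are hypothetical names, and the token is assumed to return a bool from transferFrom.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; LockSketch and its members are hypothetical names,
// not the LockManager contract from the audited repository.
// Assumption: the token returns a bool from transferFrom.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract LockSketch {
    // owner => token => quantity credited to the owner
    mapping(address => mapping(address => uint256)) public lockedQuantity;

    // Pattern described in the finding: credits the requested amount.
    function lockNaive(address tokenContract, uint256 quantity) external {
        IERC20 token = IERC20(tokenContract);
        require(token.transferFrom(msg.sender, address(this), quantity), "transfer failed");
        // With a fee-on-transfer token the contract now holds less than
        // `quantity`, so the ledger entry below exceeds the real balance.
        lockedQuantity[msg.sender][tokenContract] += quantity;
    }

    // Recommended mitigation: credit only what the contract's balance grew by.
    function lockMeasured(address tokenContract, uint256 quantity)
        external
        returns (uint256 received)
    {
        IERC20 token = IERC20(tokenContract);
        uint256 balanceBefore = token.balanceOf(address(this));
        require(token.transferFrom(msg.sender, address(this), quantity), "transfer failed");
        // Checked subtraction: reverts if the balance somehow decreased.
        received = token.balanceOf(address(this)) - balanceBefore;
        require(received > 0, "nothing received");
        lockedQuantity[msg.sender][tokenContract] += received;
    }
}
```

The before/after measurement is only reliable if nothing else can change the contract's balance between the two reads, so a token with transfer hooks also calls for a reentrancy guard on the function.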

c4-judge commented 3 months ago

alex-ppg marked the issue as unsatisfactory: Out of scope