function handleSlashing(IERC20 token, uint256 amount) external {
    if (amount == 0) revert ZeroAmount();
    if (!_config().supportedAssets[token]) revert UnsupportedAsset();
    // => pulls `amount` from the caller into this contract
    SafeTransferLib.safeTransferFrom(address(token), msg.sender, address(this), amount);
    // Below is where custom logic for each asset lives
    // => sends the same `amount` on to address(0)
    SafeTransferLib.safeTransfer(address(token), address(0), amount);
}
With a fee-on-transfer token, the contract receives fewer tokens than `amount`, and it then calls safeTransfer to address(0) with the full `amount`. This leads SlashingHandler to not slash the amounts transferred to the contract.
Lines of code
https://github.com/code-423n4/2024-07-karak/blob/f5e52fdcb4c20c4318d532a9f08f7876e9afb321/src/SlashingHandler.sol#L52-L65
Vulnerability details
Impact
handleSlashing does not account for fees on transfer when the amount is burned. This leads SlashingHandler to not slash the amounts transferred to the contract.
Proof of Concept
If the token is a fee-on-transfer token:
https://github.com/code-423n4/2024-07-karak/blob/f5e52fdcb4c20c4318d532a9f08f7876e9afb321/src/SlashingHandler.sol#L52-L65
With a fee-on-transfer token, the contract receives fewer tokens than `amount`, and it then calls safeTransfer to address(0) with the full `amount`. This leads SlashingHandler to not slash the amounts transferred to the contract.
Tools Used
Manual
Recommended Mitigation Steps
Account for fees on transfer.
Assessed type
Context
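The accounting gap described above, as an added example that is not code from this report or from the Karak repository: a small Python model of token balances that compares the function as written with a variant that burns only the measured balance delta. The 1% fee, the account names, and the revert on insufficient balance are assumptions of the model.

```python
# Constructed model of ERC-20 balances; not the Karak contracts.
ZERO = "0x0"          # stands in for address(0)
HANDLER = "handler"   # stands in for the SlashingHandler contract
SENDER_START = 5_000  # constructed starting balance of the caller


class FeeToken:
    """Ledger for a token that charges fee_bps on every transfer (assumed)."""

    def __init__(self, fee_bps, balances):
        self.fee_bps = fee_bps
        self.bal = dict(balances)

    def balance_of(self, who):
        return self.bal.get(who, 0)

    def transfer(self, src, dst, amount):
        if self.balance_of(src) < amount:
            raise RuntimeError("insufficient balance")  # models a revert
        fee = amount * self.fee_bps // 10_000
        self.bal[src] = self.balance_of(src) - amount
        self.bal[dst] = self.balance_of(dst) + amount - fee  # fee leaves circulation


def handle_slashing_as_written(token, sender, amount):
    """Mirrors the function on the page: forwards `amount`, not what arrived."""
    token.transfer(sender, HANDLER, amount)
    token.transfer(HANDLER, ZERO, amount)
    return amount


def handle_slashing_balance_delta(token, sender, amount):
    """Forwards only what the handler actually received."""
    before = token.balance_of(HANDLER)
    token.transfer(sender, HANDLER, amount)
    received = token.balance_of(HANDLER) - before
    token.transfer(HANDLER, ZERO, received)
    return received


def demo(handler, fee_bps=100, amount=1_000, handler_start=0):
    """Run one call; return (result, sender balance, handler balance)."""
    token = FeeToken(fee_bps, {"vault": SENDER_START, HANDLER: handler_start})
    try:
        result = handler(token, "vault", amount)
    except RuntimeError as exc:
        # A revert rolls back the whole call, including the initial pull.
        return (str(exc), SENDER_START, handler_start)
    return (result, token.balance_of("vault"), token.balance_of(HANDLER))
```

In this model the as-written path either reverts (handler holds no spare balance) or covers the fee shortfall out of tokens the handler already held, while the balance-delta path burns exactly what arrived.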