search

code-423n4 / 2024-07-karak-validation

0 stars 0 forks source link

handleSlashing not considering fees on transfer when the amount is burned. #360

Closed c4-bot-10 closed 2 months ago

c4-bot-10 commented 2 months ago

Lines of code

https://github.com/code-423n4/2024-07-karak/blob/f5e52fdcb4c20c4318d532a9f08f7876e9afb321/src/SlashingHandler.sol#L52-L65

Vulnerability details

Impact

handleSlashing not considering fees on transfer when the amount is burned.This lead slashingHandler to not slash amonuts transfered to the contract

Proof of Concept

If Fees On transfer Token

https://github.com/code-423n4/2024-07-karak/blob/f5e52fdcb4c20c4318d532a9f08f7876e9afb321/src/SlashingHandler.sol#L52-L65


    function handleSlashing(IERC20 token, uint256 amount) external {
        if (amount == 0) revert ZeroAmount();
        if (!_config().supportedAssets[token]) revert UnsupportedAsset();

 =>       SafeTransferLib.safeTransferFrom(address(token), msg.sender, address(this), amount);
        // Below is where custom logic for each asset lives
=>        SafeTransferLib.safeTransfer(address(token), address(0), amount);
    }

Current contract will get less amount of tokens and hence safeTransfer to address(0).This lead slashingHandler to not slash amonuts transfered to the contract

Tools Used

Manual

Recommended Mitigation Steps

Consider fees on transfer

Assessed type

Context