Open hats-bug-reporter[bot] opened 4 months ago
Thank you for the submission.
If the support for such tokens was claimed, then this thing would indeed be valid. But I also want to note:
fee-on-transfer tokens are custom implementations The code where the problem exists is part of OOS Tokens must be approved by authorized users, which also mitigates this problem and reduces it to inattention in adding support for such tokens by authorized users
Could you tell where it is made clear that this type of tokens will not be used?
If I'm not mistaken, nowhere does it say that they also need to be maintained. In most cases, the severity level for this type of issue is recognized as low.
In addition, support for this type of token is not mandated by the Thena/Chronos code we follow and due to the lack of impact remains OOS
Github username: @Rotcivegaf Twitter username: rotcivegaf Submission hash (on-chain): 0x2b5cf9568de5beb49effc2864f66cc6063bdbd8ce902c68a5a04c7ad4514e19e Severity: medium
Description: Lines:
Description:
Should a fee-on-transfer token be added as a reward token and deposited, the tokens will be locked in the
BribeUpgradeable
contract. Voters will be unable to withdraw their rewards.Attack Scenario:
Tokens are deposited into the
BribeUpgradeable
contract usingnotifyRewardAmount
, where amount of tokens are transferred, then added directly torewardData[_rewardsToken][_startTimestamp].rewardsPerEpoch
, but the amount received is less than the amount requested leaving this variable brokenFor example:
notifyRewardAmount
, with token as token that charges a 10% fee upon any transfer, and amount = 100_safeTransferFrom
() only transfers 90 tokens to the contract due to the 10% feetokenRewardsPerEpoch[token][adjustedTstamp]
becomes 100getReward
is called with the same token and epochStartrewardPerEpoch = tokenRewardsPerEpoch[token][epochStart] = 100
andsafeTransfer
attempts to transfer 100 tokens out of the contractgetReward
revertsRecommended Mitigation Steps: