Description:Description
As mentioend by sponsers any ERC 20 is allowed, there are several ERC20 tokens that take a small fee on transfers/transferFroms (known as "fee-on-transfer" tokens). For these tokens, it should not be assumed that if you transfer x tokens to an address, the address actually receives x tokens. In the createCampaigns function, the amount used for calculations is assumed to be the amount transferred. However, the contract will have amount - fee in its balance, causing the _processRewardClaim function to revert and resulting in funds being stuck in the contract.
Attack Scenario
A user wants to create a campaign and uses fee-on-transfer tokens, setting the amount as 1000. The contract assumes 1000 tokens are transferred, but only 1000 - fee tokens are actually transferred to the contract, leading to potential reverts when _processRewardClaim is called.
Revised Code File (Optional)
Calculate the balance before and after the transfer and use the difference for the amount variable.
By making these changes, the contract will correctly handle fee-on-transfer tokens, ensuring that the actual amount transferred is used for subsequent calculations, thus preventing potential reverts and ensuring funds are not stuck in the contract.
Github username: @0xmahdirostami Twitter username: 0xmahdirostami Submission hash (on-chain): 0xd972c2f66bb2ea8981fdfbe887602d67b1b14a0e0f5c7d7aa917c3298cb29bb1 Severity: medium
Description: Description As mentioend by sponsers any ERC 20 is allowed, there are several ERC20 tokens that take a small fee on transfers/transferFroms (known as "fee-on-transfer" tokens). For these tokens, it should not be assumed that if you transfer x tokens to an address, the address actually receives x tokens. In the
createCampaigns
function, the amount used for calculations is assumed to be the amount transferred. However, the contract will haveamount - fee
in its balance, causing the_processRewardClaim
function to revert and resulting in funds being stuck in the contract.Attack Scenario A user wants to create a campaign and uses fee-on-transfer tokens, setting the amount as 1000. The contract assumes 1000 tokens are transferred, but only
1000 - fee
tokens are actually transferred to the contract, leading to potential reverts when_processRewardClaim
is called.Revised Code File (Optional)
Calculate the balance before and after the transfer and use the difference for the amount variable.
By making these changes, the contract will correctly handle fee-on-transfer tokens, ensuring that the actual amount transferred is used for subsequent calculations, thus preventing potential reverts and ensuring funds are not stuck in the contract.