search

sherlock-audit / 2022-11-bullvbear-judging

0 stars 0 forks source link

saian - Fee on transfer tokens is not supported #144

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

saian

low

Fee on transfer tokens is not supported

Summary

Fee on transfer token will cause revert if balance is lesser than the input value

Vulnerability Detail

If order.asset is a fee-on-transfer token, the amount transferred into the contract will be lesser than the input value, This will cause users to loose tokens and will revert if the balance is lesser than the value stored in the order

Impact

Function reclaimContract will revert if balance is lesser than the bullAssetAmount

Code Snippet

https://github.com/sherlock-audit/2022-11-bullvbear/blob/main/bvb-protocol/src/BvbProtocol.sol#L437

        if (bullAssetAmount > 0) {
            // Transfer payment tokens to the Bull
            IERC20(order.asset).safeTransfer(bull, bullAssetAmount);
        }

https://github.com/sherlock-audit/2022-11-bullvbear/blob/main/bvb-protocol/src/BvbProtocol.sol#L861

        IERC20(asset).safeTransfer(recipient, amount);

Tool used

Manual Review

Recommendation

Store the before and after balance and use the difference as order price