actually, the protocol stores the amount of the underlying token after the fee cut but if the token has the fees it will be wrong because there are fewer tokens with the higher fake amount
Vulnerability Detail
some tokens have fees in transferring process and the lend protocol also do cutting fee it will make issue because after that it gives us amount = doCutDepositFee(token, amount); amount and protocol stores that
the amount that stored in protocol will not match with the tokens that really in the contract and it will cause really big problems and protocol insolvency
Code Snippet
function lend(address token, uint256 amount)
external
override
inExec
poke(token)
onlyWhitelistedToken(token)
{
if (!isLendAllowed()) revert LEND_NOT_ALLOWED();
Position storage pos = positions[POSITION_ID];
Bank storage bank = banks[token];
if (pos.underlyingToken != address(0)) {
// already have isolated collateral, allow same isolated collateral
if (pos.underlyingToken != token)
revert INCORRECT_UNDERLYING(token);
}
IERC20Upgradeable(token).safeTransferFrom(
pos.owner,
address(this),
amount
);
amount = doCutDepositFee(token, amount);
pos.underlyingToken = token;
pos.underlyingAmount += amount;
if (address(ISoftVault(bank.softVault).uToken()) == token) {
IERC20Upgradeable(token).approve(bank.softVault, amount);
pos.underlyingVaultShare += ISoftVault(bank.softVault).deposit(
amount
);
} else {
IERC20Upgradeable(token).approve(bank.hardVault, amount);
pos.underlyingVaultShare += IHardVault(bank.hardVault).deposit(
token,
amount
);
}
bank.totalLend += amount;
emit Lend(POSITION_ID, msg.sender, token, amount);
}
Avci
high
wrong calculation in logic of the Lend function
Summary
actually, the protocol stores the amount of the underlying token after the fee cut but if the token has the fees it will be wrong because there are fewer tokens with the higher fake amount
Vulnerability Detail
some tokens have fees in transferring process and the lend protocol also do cutting fee it will make issue because after that it gives us
amount = doCutDepositFee(token, amount);
amount and protocol stores thatSome tokens take a transfer fee
(e.g. STA, PAXG)
Impact
the amount that stored in protocol will not match with the tokens that really in the contract and it will cause really big problems and protocol insolvency
Code Snippet
https://github.com/sherlock-audit/2023-02-blueberry/blob/main/contracts/BlueBerryBank.sol#L620
Tool used
Manual Review
Recommendation
Duplicate of #153