Contracts are vulnerable to fee-on-transfer accounting-related issues
Summary
The depositfunction is designed to allow deposits into the strategy by transferring tokens from a depositor. However, the function currently does not verify the token balances before and after the transfer. This can lead to potential issues where the actual amount transferred is different from the expected amount, causing discrepancies in the accounting and potential security vulnerabilities.
Vulnerability Detail
The function does not verify the balances of token0 and token1 before and after the safeTransferFrom calls. This verification is crucial to ensure that the exact amount of tokens expected to be transferred are indeed transferred. Without this verification, there could be discrepancies due to issues such as insufficient allowance, incorrect balances, or other unforeseen errors.
Impact
Incorrect Accounting: Discrepancies in the actual amount of tokens transferred versus the expected amount.
To ensure that the correct amount of tokens are transferred, add checks to verify the balances before and after the safeTransferFrom calls. This will help to detect any discrepancies immediately and ensure that the function operates as expected.
NoOne
medium
Contracts are vulnerable to fee-on-transfer accounting-related issues
Summary
The
depositfunction is designed to allow deposits into the strategy by transferring tokens from a depositor. However, the function currently does not verify the token balances before and after the transfer. This can lead to potential issues where the actual amount transferred is different from the expected amount, causing discrepancies in the accounting and potential security vulnerabilities.Vulnerability Detail
The function does not verify the balances of
token0andtoken1before and after thesafeTransferFromcalls. This verification is crucial to ensure that the exact amount of tokens expected to be transferred are indeed transferred. Without this verification, there could be discrepancies due to issues such as insufficient allowance, incorrect balances, or other unforeseen errors.Impact
Incorrect Accounting: Discrepancies in the actual amount of tokens transferred versus the expected amount.
Code Snippet
https://github.com/sherlock-audit/2024-03-arrakis/blob/main/arrakis-modular/src/modules/ValantisHOTModulePublic.sol#L79-L80
Tool used
Manual Review
Recommendation
To ensure that the correct amount of tokens are transferred, add checks to verify the balances before and after the
safeTransferFromcalls. This will help to detect any discrepancies immediately and ensure that the function operates as expected.