Current system is not capable with Fee on transfer tokens
Summary
Current asset-share calculation would become incorrect for fee-on transfer tokens.
Vulnerability Detail
If the assets in LenderCommitmentGroup_Smart is fee-on-transfer tokens, since the amount of tokens received by contract will be less than _amount, the asset/share ratio will be set incorrectly.
Impact
Users receive incorrect value of tokens with FoT tokens as assets.
BoRonGod
medium
Current system is not capable with Fee on transfer tokens
Summary
Current asset-share calculation would become incorrect for fee-on transfer tokens.
Vulnerability Detail
If the assets in
LenderCommitmentGroup_Smart
is fee-on-transfer tokens, since the amount of tokens received by contract will be less than_amount
, the asset/share ratio will be set incorrectly.Impact
Users receive incorrect value of tokens with FoT tokens as assets.
Code Snippet
https://github.com/sherlock-audit/2024-04-teller-finance/blob/main/teller-protocol-v2-audit-2024/packages/contracts/contracts/LenderCommitmentForwarder/extensions/LenderCommitmentGroup/LenderCommitmentGroup_Smart.sol#L307
Tool used
Manual Review
Recommendation
When users deposit to
LenderCommitmentGroup_Smart
, _amount should be the asset received by the contract.When users withdraw from
LenderCommitmentGroup_Smart
, _amount should be the asset sent by the contract.Duplicate of #122