The newly added contracts will not work well on fee-on-transfer tokens, because there is no consideration for fee on transfer.
Summary
The newly added contracts will not work well on fee-on-transfer tokens, because there is no consideration for fee on transfer.
Vulnerability Detail
The document of this protocol said, "We are allowing any standard token that would be compatible with Uniswap V3 to work with our codebase, just as was the case for the original audit of TellerV2.sol . The tokens are assumed to be able to work with Uniswap V3." Some fee-on-transfer tokens are used in uniswap V3. However the newly added contracts will not work well on fee-on-transfer tokens.
For example, in LenderCommitmentGroup_Smart.addPrincipalToCommitmentGroup(), totalPrincipalTokensCommitted will not be calculate correctly if the principalToken is a fee-on-transer token, because there is no consideration for fee on transfer.
function addPrincipalToCommitmentGroup(
uint256 _amount,
address _sharesRecipient
) external returns (uint256 sharesAmount_) {
//transfers the primary principal token from msg.sender into this contract escrow
principalToken.transferFrom(msg.sender, address(this), _amount);
sharesAmount_ = _valueOfUnderlying(_amount, sharesExchangeRate());
@> totalPrincipalTokensCommitted += _amount;
//principalTokensCommittedByLender[msg.sender] += _amount;
//mint shares equal to _amount and give them to the shares recipient !!!
poolSharesToken.mint(_sharesRecipient, sharesAmount_);
}
As a result, the the newly added contracts will not work well on fee-on-transfer tokens.
Impact
The newly added contracts will not work well on fee-on-transfer tokens.
KupiaSec
medium
The newly added contracts will not work well on fee-on-transfer tokens, because there is no consideration for fee on transfer.
Summary
The newly added contracts will not work well on fee-on-transfer tokens, because there is no consideration for fee on transfer.
Vulnerability Detail
The document of this protocol said, "We are allowing any standard token that would be compatible with Uniswap V3 to work with our codebase, just as was the case for the original audit of TellerV2.sol . The tokens are assumed to be able to work with Uniswap V3." Some fee-on-transfer tokens are used in uniswap V3. However the newly added contracts will not work well on fee-on-transfer tokens.
For example, in
LenderCommitmentGroup_Smart.addPrincipalToCommitmentGroup(),totalPrincipalTokensCommittedwill not be calculate correctly if theprincipalTokenis afee-on-transertoken, because there is no consideration for fee on transfer.As a result, the the newly added contracts will not work well on fee-on-transfer tokens.
Impact
The newly added contracts will not work well on fee-on-transfer tokens.
Code Snippet
https://github.com/sherlock-audit/2024-04-teller-finance/blob/main/teller-protocol-v2-audit-2024/packages/contracts/contracts/LenderCommitmentForwarder/extensions/LenderCommitmentGroup/LenderCommitmentGroup_Smart.sol#L307-L322
Tool used
Manual Review
Recommendation
Some modifications should be made to be able to use fee-on-transfer tokens.
Duplicate of #122