the shares which are minted to share recipient is calculated based on amount which is transfered from msg.sender to escrow contract but it is possible that the tokens which are transferred are Fee On Transfer token so amount which is being sent will not be same amount which will be received by the contract and As the amount of shares to mint is calculated based on amount send not on amount actually received so more shares will be minted.
Impact
Due to Fee On Transfer tokens the amount received by escrow will be less but shares minted would be more compare to actual amount received.
psb01
medium
Implementation of addPrincipalToCommitmentGroup() does not support Fee On Transfer tokens.
Summary
FOT tokens not supported in addPrincipalToCommitmentGroup() for minting shares.
Vulnerability Detail
Inside LenderCommitmentGroup_Smart.sol, In function addPrincipalToCommitmentGroup() In below given code
principalToken.transferFrom(msg.sender, address(this), _amount);sharesAmount_ = _valueOfUnderlying(_amount, sharesExchangeRate());the shares which are minted to share recipient is calculated based on amount which is transfered from msg.sender to escrow contract but it is possible that the tokens which are transferred are Fee On Transfer token so amount which is being sent will not be same amount which will be received by the contract and As the amount of shares to mint is calculated based on amount send not on amount actually received so more shares will be minted.
Impact
Due to Fee On Transfer tokens the amount received by escrow will be less but shares minted would be more compare to actual amount received.
Code Snippet
https://github.com/sherlock-audit/2024-04-teller-finance/blob/main/teller-protocol-v2-audit-2024/packages/contracts/contracts/LenderCommitmentForwarder/extensions/LenderCommitmentGroup/LenderCommitmentGroup_Smart.sol#L307-L322
Tool used
Manual Review
Recommendation
Check balance of contract before and after transfer of amount and mint shares based on actual amount received.
Duplicate of #122