Fee on transfer and rebase tokens will break the internal accounting of the protocol.
Summary
Fee on transfer and rebase tokens will break the internal accounting of the protocol.
Vulnerability Detail
From the base code, we can see that all accounting in the Elfi protocol is based on the parameters of the transfer rather than the actual amount received. If a currency has a built-in transfer fee, the amount received will be less than the amount transferred. If the token is a rebase token, the transfer only represents a share, which is less than the actual amount. These issues will disrupt the system’s accounting functionality and cause financial loss.
Impact
These issues will disrupt the system’s accounting functionality and cause financial loss.
ZeroTrust
Medium
Fee on transfer and rebase tokens will break the internal accounting of the protocol.
Summary
Fee on transfer and rebase tokens will break the internal accounting of the protocol.
Vulnerability Detail
From the base code, we can see that all accounting in the Elfi protocol is based on the parameters of the transfer rather than the actual amount received. If a currency has a built-in transfer fee, the amount received will be less than the amount transferred. If the token is a rebase token, the transfer only represents a share, which is less than the actual amount. These issues will disrupt the system’s accounting functionality and cause financial loss.
Impact
These issues will disrupt the system’s accounting functionality and cause financial loss.
Code Snippet
https://github.com/sherlock-audit/2024-05-elfi-protocol/blob/main/elfi-perp-contracts/contracts/process/AssetsProcess.sol#L58
Tool used
Manual Review
Recommendation
Use the actual amount received for accounting.
Duplicate of #1