TessKimy - Fee on transfer tokens may revert the transaction if the remainder is less than fee amount

[sherlock-admin2]

TessKimy

Medium

Fee on transfer tokens may revert the transaction if the remainder is less than fee amount

Summary

Fee on transfer tokens may revert the transaction if the remainder is less than fee amount

Root Cause

In AmirX::_buyBack function, if the fee token is fee on transfer token, then the transaction may be reverted due to remainder.

_buyback function is used for converting fee tokens to telcoin and sweep the remaining balance to defi safe. But it's missing a potential scenario when we use fee on transfer token as fee token, it's possible to see small differences between the amount in aggregator's swap call.

            (bool ercSwap, ) = aggregator.call{value: 0}(swapData);
            require(ercSwap, "AmirX: token swap transaction failed");

            uint256 remainder = feeToken.balanceOf(address(this));
            if (remainder > 0) feeToken.safeTransfer(safe, remainder); 
        }

It's possible to meet following condition:

remainder < fee on transfer fee

In conclusion, whole transaction will be reverted in feeToken implementation.

Internal pre-conditions

1. feeToken should be fee on transfer token
2. remainder < fee on transfer fee

Attack Path

1. X fee on transfer token takes 50 unit fee from transfers
2. Defi swap execution started
3. In fee dispersal phase, _buyBack is triggered
4. feeToken is converted to telcoin in aggregator and we have less than 50 unit feeToken in the contract
5. Sweep is triggered
6. Transaction is reverted in fee on transfer token's transfer function due to underflow

Impact

Medium - The whole defi swap transaction is reverted and DoS is happened. All the function which contains defi swap functionality is affected.

Mitigation

In the sweep functionality, we can use try-catch mechanism to avoid revert on transfer