Request could fail sometimes due to not having enough tokens in the wallet for the fees.
PoC
Let’s walk through a specific example to illustrate the issue in the StableCoinHandler::_stablecoinSwap function:
User Initiates Swap
The user initiates a swap transaction using a stablecoin token, setting the same stablecoin as both the origin (the token being swapped) and the fee token. This stablecoin is a fee-on-transfer token, meaning a portion of every transaction is automatically taken as a fee by the token contract itself (e.g., 1%).
Fee-on-Transfer Mechanism
In this example, let’s assume the swap requires a total of 100 stablecoins:
When 100 stablecoins are transferred from the user, the token contract takes a 1% fee.
As a result, only 99 stablecoins are received by the swap function after the fee deduction.
Impact on Swap Validation
Without a mechanism to check the effective balance after the fee deduction:
The swap function expects the full 100 stablecoins but only receives 99.
This discrepancy can cause the swap to violate defined minSupply and maxSupply constraints, resulting in an inconsistent state.
Mitigation
Consider implement check in the _verifyStablecoinSwap to prevent having the same tokens for fees and for origin for the stablecoin swap. And also don’t use fee on transfer as tokens!
PeterSR
Medium
Same token for fees and origin for stable coin swap
Summary
In the
StableCoinHandler::_stablecoinSwapfunction, the current implementation allows the token to be used as fee token for the swap. Problem that could occur here is that if the stable coin is fee on transfer token, it will lead to wrong computation in the stable coin when the origin and the token for fees is the same. https://github.com/sherlock-audit/2024-11-telcoin/blob/main/telcoin-audit/contracts/stablecoin/StablecoinHandler.sol#L149-L151Root Cause
No response
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
Request could fail sometimes due to not having enough tokens in the wallet for the fees.
PoC
Let’s walk through a specific example to illustrate the issue in the
StableCoinHandler::_stablecoinSwapfunction:User Initiates Swap
The user initiates a swap transaction using a stablecoin token, setting the same stablecoin as both the origin (the token being swapped) and the fee token. This stablecoin is a fee-on-transfer token, meaning a portion of every transaction is automatically taken as a fee by the token contract itself (e.g., 1%).
Fee-on-Transfer Mechanism
In this example, let’s assume the swap requires a total of 100 stablecoins:
Impact on Swap Validation
Without a mechanism to check the effective balance after the fee deduction:
minSupplyandmaxSupplyconstraints, resulting in an inconsistent state.Mitigation
Consider implement check in the _verifyStablecoinSwap to prevent having the same tokens for fees and for origin for the stablecoin swap. And also don’t use fee on transfer as tokens!