Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AdamSzymanski - Underfunding of Buyback and Fee Distributions Due to Fee-on-Transfer Tokens #215

Open
sherlock-admin2 opened this issue Nov 13, 2024 · 0 comments
Open

AdamSzymanski - Underfunding of Buyback and Fee Distributions Due to Fee-on-Transfer Tokens #215

sherlock-admin2 opened this issue Nov 13, 2024 · 0 comments

Comments

@sherlock-admin2
Copy link
Contributor

sherlock-admin2 commented Nov 13, 2024
edited by sherlock-admin3
Loading

AdamSzymanski

Medium

Underfunding of Buyback and Fee Distributions Due to Fee-on-Transfer Tokens

Summary

The assumption that full feeToken balances transfer without deduction will cause a shortfall in distributed amounts for fee-on-transfer tokens, as the automatic transfer fee reduces the received amount when feeToken is forwarded to the aggregator or defiSafe.

Root Cause

The choice to rely on feeToken.balanceOf(address(this)) for full transfers without accounting for transfer fees is a mistake, as fee-on-transfer tokens will result in a smaller-than-expected amount reaching the destination.

Issue Location
The issue appears in the following lines within _buyBack and _feeDispersal:

  1. _buyBack
  2. _feeDispersal

Internal pre-conditions

  1. SWAPPER_ROLE needs to call swap() or another function that invokes _feeDispersal or _buyBack using a fee-on-transfer token as feeToken.
  2. feeToken must apply a transfer fee.

External pre-conditions

No response

Attack Path

  1. SWAPPER_ROLE calls swap() or a related function with a fee-on-transfer token as feeToken.
  2. In _feeDispersal or _buyBack, feeToken is forwarded to the aggregator or defiSafe.
  3. Due to the transfer fee, the aggregator or defiSafe receives less than expected, potentially causing the buyback swap to fail or creating a shortfall in the distributed amount.

Impact

The protocol suffers from reduced reliability in buyback and fee distribution amounts, especially when handling fee-on-transfer tokens. This inconsistency can cause failed transactions in the aggregator or underpayment to defiSafe.

Using fee-on-transfer tokens without adjustments may lead to inconsistent buyback or fee distribution results due to transfer fees, affecting the stability and predictability of protocol operations.

PoC

  1. Deploy a fee-on-transfer ERC20 token.
  2. Call swap() with this token as feeToken.
  3. Observe that the aggregator or defiSafe receives a reduced amount compared to the full feeToken balance.

Mitigation

  1. Implement Balance Check Adjustments: Calculate the actual received amount after each transfer to account for fees.
  2. Identify Fee-on-Transfer Tokens: Consider pre-detecting fee-on-transfer tokens and adjusting expected transfer values accordingly.
@sherlock-admin3 sherlock-admin3 changed the title Handsome Cotton Wolverine - Underfunding of Buyback and Fee Distributions Due to Fee-on-Transfer Tokens AdamSzymanski - Underfunding of Buyback and Fee Distributions Due to Fee-on-Transfer Tokens Nov 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin2