Fee-on-transfer / rebasing tokens lead to errors #123
Labels: 2 (Med Risk) (assets not at direct risk, but function/availability of the protocol could be impacted or leak value); bug; duplicate-367; satisfactory (finding meets requirement)
Lines of code
https://github.com/debtdao/Line-of-Credit/blob/d7ef66035ddf873b0c96804a1c9deeebb1f798ea/contracts/utils/LineLib.sol#L69
https://github.com/debtdao/Line-of-Credit/blob/f32cb3eeb08663f2456bf6e2fba21e964da3e8ae/contracts/utils/SpigotLib.sol#L38
Vulnerability details
Impact & Proof Of Concept
The function LineLib.receiveTokenOrETH, which is used in multiple places, assumes that the requested transfer amount is equal to the amount actually transferred. This is not true for fee-on-transfer tokens, where the change in balance is smaller than the requested amount. This leads to problems in multiple places. For instance, in LineOfCredit.addCredit, the amount parameter is used to create the credit. When the contract does not actually hold this amount, there are two possible outcomes:
1.) Payouts that should be possible are not possible (because the balance is not sufficient).
2.) Funds from other users are used for payouts.
Another big problem for the system are rebasing tokens. These can cause an underflow in SpigotLib._claimRevenue (because the current balance is now smaller than the previously cached balance), making all calls to claim revenue revert.
Recommended Mitigation Steps
Check the actual amount that was transferred (i.e., the difference of the balances).
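The following is an added illustration of that mitigation, not code from the Line-of-Credit repository: a hypothetical ReceiveLib measures the balance difference around the transfer and credits only what arrived, and reports a balance decrease (as a rebasing token can cause) as zero new revenue instead of reverting. The ReceiveLib, CreditLine, pullToken and newRevenue names are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Minimal ERC-20 surface for the example. Assumption: the token returns bool
// from transferFrom; non-standard tokens would need a SafeERC20-style wrapper.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// Hypothetical helper, not the project's LineLib: pull `amount` of `token`
/// from `from` and return what actually arrived, measured as the change in
/// this contract's balance. For a fee-on-transfer token the result is smaller
/// than `amount`, and only the result may be credited to the depositor.
library ReceiveLib {
    error TransferFailed();
    error NothingReceived();

    function pullToken(address token, address from, uint256 amount)
        internal
        returns (uint256 received)
    {
        uint256 before = IERC20(token).balanceOf(address(this));
        if (!IERC20(token).transferFrom(from, address(this), amount)) revert TransferFailed();
        uint256 afterBal = IERC20(token).balanceOf(address(this));
        // Reject transfers that left the balance unchanged (100% fee, broken token).
        if (afterBal <= before) revert NothingReceived();
        received = afterBal - before;
    }

    /// Revenue since the last cached balance. A rebasing token can shrink the
    /// balance below the cache; checked subtraction would then revert every
    /// claim, so a decrease is reported as zero new revenue instead (the caller
    /// should re-anchor its cache to `current` afterwards).
    function newRevenue(uint256 cached, uint256 current) internal pure returns (uint256) {
        return current > cached ? current - cached : 0;
    }
}

contract CreditLine {
    using ReceiveLib for address;

    // token => lender => amount the contract can actually pay back
    mapping(address => mapping(address => uint256)) public credit;

    function addCredit(address token, uint256 amount) external returns (uint256 credited) {
        credited = token.pullToken(msg.sender, amount);
        credit[token][msg.sender] += credited;
    }
}
```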