Fee-on-transfer underlying deposit asset token conflict with ERC4626 #120
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-51
edited-by-warden
satisfactory
satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2023-01-astaria/blob/main/src/AstariaRouter.sol#L123-L153
https://github.com/code-423n4/2023-01-astaria/blob/main/src/PublicVault.sol#L233-L265
https://github.com/AstariaXYZ/astaria-gpl/blob/4b49fe993d9b807fe68b3421ee7f2fe91267c9ef/src/ERC4626-Cloned.sol#L19-L52
Vulnerability details
Impact
When depositing capital to selected PublicVault.sol via
deposit()
ormint()
, the underlying ERC20 token amount transferred to the contract proportionately determines the minted amount of ERC-4626 VaultTokens that represent the liquidity provider's share in the vault. However, if the ERC20 token entailed is deflationary, it could lead to accounting errors resulting in the last batch of liquidity providers unable to withdraw their funds due to insufficient contract balance.Proof of Concept
File: ERC4626-Cloned.sol#L19-L52
super.deposit()
andsuper.mint()
are unanimously used bydeposit()
andmint()
in AstariaRouter.sol and PublicVault.sol to correspondingly invoke the above parental functions.As can be seen in the code block, no measure has been made to either stem or cater for fee-on-transfer tokens.
Tools Used
Manual inspection
Recommended Mitigation Steps
Consider:
The text was updated successfully, but these errors were encountered: