mint()
function logic will break with fee-on-transfer(deflationary) tokens
#261
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-263
satisfactory
satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2023-01-numoen/blob/main/src/core/Lendgine.sol#L99
Vulnerability details
Impact
with deflationary token mint function never succeed
Proof of Concept
mint() function checking
if (balanceAfter < balanceBefore + collateral) revert InsufficientInputError();
i.e balanceAfter should greater or equal to balanceBefore + collateral
But in case of fee-on transfer tokens some amount will burn from sending amount
i.e collateral that sent > collateral that received
so balanceAfter is always less than balanceBefore + collateral in case of fee-on-transfer tokens
Tools Used
Manual review
Recommended Mitigation Steps
Some logic change should made to support fee-on-transfer tokens
The text was updated successfully, but these errors were encountered: