[H-01] Mitigation Error #11
Description
Lines of code
Vulnerability details
The issue originally presented in the H-01 submission has been successfully mitigated. The underlying issue was that the _transfer logic was incorrect when from == to. This has been address by causing the _transfer to revert under those circumstances. This mitigation creates a new issue with KIBToken because now the token exhibits non-standard ERC20 behavior.
Impact
Integration errors/danger with other protocols
Proof of Concept
The changes made for H-01 causes transfers to revert if from == to. This is problematic because this is non-standard ERC20 behavior that can cause integration risk/issues with other protocols. I raise this as an issue because the goal of this project is to be able to integrate bond yields into Defi. By causing the token to have non-standard ERC20 behavior you limit the potential integrations and potentially cause loss of funds. Below I outline an example of why self transfers reverting could be problematic.
Example:
Imagine you have a vault with an epoch based withdrawal system where the withdraw is first requested then finalized after a certain delay. If that vault integrates the KIBToken a malicious user would be able to break the withdrawal mechanism by specifying that the vault contract itself as recipient of the withdrawn tokens. If the vault finalizes sequentially (first in first out) then it could potentially break the entire withdrawal system for all users.
Tools Used
Manual Review
Recommended Mitigation Steps
Instead of reverting when from == to, _transfer should simply skip the logic as recommended in the original H-01 submission.