Redacted Cartel contest - p4st13r4's results

Complimentary subDAO for OlympusDAO.

General Information

Platform: Code4rena

Start Date: 15/02/2022

Pot Size: $30,000 USDC

Total HM: 18

Participants: 35

Period: 3 days

Judge: GalloDaSballo

Total Solo HM: 8

Id: 87

League: ETH

Researcher Performance

Rank: 33/35

Findings: 1

Award: $61.98

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

61.979 USDC - $61.98

Labels

bug
QA (Quality Assurance)

Lines of code

https://github.com/code-423n4/2022-02-redacted-cartel/blob/main/contracts/BribeVault.sol#L189

Vulnerability details

Impact

In depositBribeERC20(), a depositor passes in a token and an amount to be transferred to the Vault as bribe. This is how it's implemented:

// Since this method is called by a depositor contract, we must transfer from the account // that called the depositor contract - amount must be approved beforehand IERC20(token).safeTransferFrom(briber, address(this), amount); b.amount += amount; // Allow bribers to increase bribe

If a token that charges a fee on transfer is used to bribe proposals, the amount credited to the bribe (b.amount) is higher than the amount actually received by the contract. This breaks the contract's accounting and may reward users with unexpected amounts.

Proof of Concept

https://github.com/code-423n4/2022-02-redacted-cartel/blob/main/contracts/BribeVault.sol#L232

Tools Used

Editor

Recommended Mitigation Steps

Check the contract's token balance before and after the transfer; if the difference is smaller than the requested amount, a fee-on-transfer token is being used, so revert the transaction.
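The unchecked pattern from the finding beside the balance-check mitigation, as an added example that is not the BribeVault code itself. It assumes OpenZeppelin's IERC20/SafeERC20 imports; the contract name, `Bribe` struct and function names are hypothetical simplifications.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical, stripped-down vault that keeps only the bribe-amount accounting.
contract FeeAwareBribeVault {
    using SafeERC20 for IERC20;

    struct Bribe { address token; uint256 amount; }
    mapping(bytes32 => Bribe) public bribes;

    error FeeOnTransferNotSupported(uint256 expected, uint256 received);

    // Mirrors the finding: credits whatever the caller asked to send.
    // With a fee-on-transfer token the vault holds less than b.amount says.
    function depositUnchecked(bytes32 id, address token, uint256 amount, address briber) external {
        Bribe storage b = bribes[id];
        b.token = token;
        IERC20(token).safeTransferFrom(briber, address(this), amount);
        b.amount += amount; // over-credited if a fee was taken
    }

    // Mitigation: measure what actually arrived and revert on any shortfall.
    // (Crediting `received` instead of reverting is the alternative if such tokens
    // are meant to be supported; the finding recommends reverting.)
    function depositChecked(bytes32 id, address token, uint256 amount, address briber) external {
        Bribe storage b = bribes[id];
        b.token = token;
        uint256 before = IERC20(token).balanceOf(address(this));
        IERC20(token).safeTransferFrom(briber, address(this), amount);
        uint256 received = IERC20(token).balanceOf(address(this)) - before;
        if (received != amount) revert FeeOnTransferNotSupported(amount, received);
        b.amount += received; // accounting now matches the tokens the vault holds
    }
}
```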

#1 - CloudEllie

2022-03-23T17:54:14Z

Since this issue was downgraded to a QA level, and the warden did not submit a separate QA report, we've renamed this one to "QA report" for consistency.

The original title, for the record, was "BribeVault does not take into account feeOnTransfer tokens."

#2 - GalloDaSballo

2022-03-25T13:41:23Z

Compared to other reports, this one doesn't show mitigation nor go into further detail, 2/10
