Cudos contest - reassor's results

Lines of code

https://github.com/code-423n4/2022-05-cudos/blob/de39cf3cd1f1e1cf211819b06d4acf6a043acda0/solidity/contracts/Gravity.sol#L600-L608

Vulnerability details

Impact

Contract Gravity.sol does not properly handle ERC20 tokens that charge fee on their transfers. Implementation of such a tokens does not transfer exact amount provided to transfer() but part of it is charged as a fee, burned or used in some other way. This leads to incorrect accounting and effectively to loss of funds.

Proof of Concept

• https://github.com/code-423n4/2022-05-cudos/blob/de39cf3cd1f1e1cf211819b06d4acf6a043acda0/solidity/contracts/Gravity.sol#L600-L608

Tools Used

Manual Review / VSCode

Recommended Mitigation Steps

It is recommended to add support for ERC20 tokens with built-in fees. Example of the implementation:

	uint256 ourStartingBalance = IERC20(_tokenContract).balanceOf(address(this));
	IERC20(_tokenContract).safeTransferFrom(msg.sender, address(this), _amount);
	uint256 ourEndingBalance = IERC20(_tokenContract).balanceOf(address(this));

	require(ourEndingBalance > ourStartingBalance, "ERC20 reduced balance");

	state_lastEventNonce = state_lastEventNonce + 1;

	emit SendToCosmosEvent(
		_tokenContract,
		msg.sender,
		_destination,
		_amount,
		ourEndingBalance - ourStartingBalance,
		state_lastEventNonce
	);