10 matches found
Upgraded Q -> 2 from #356 [1677633435546]
Judge has assessed an item in Issue 356 as 2 risk. The relevant finding follows: L-01 ERC4626 does not work with fee-on-transfer tokens in project Impact ERC20 token contract can be deposited with the deposit function. With the following part of the code, the ERC20 transfer from msg.sender to the...
WithdrawProxy will break if there is a fee-on-transfer underlying
Lines of code Vulnerability details PublicVault.transferWithdrawReserve will increase WithdrawProxy.withdrawReserveReceived by withdrawBalance. The issue is that if the token has a fee-on-transfer, withdrawBalance will be greater than the amount received by withdrawProxy 384:...
Unprotected address(this) checks allow attacker to delegatecall from another contract to spoof values such as the token balances of AlgebraPool instances
Lines of code Vulnerability details Description: AlgebraPool token balance checks are intended to exclusively read the token balances of the AlgebraPool instance. However, it is possible for an attacker to make a delegatecall into one of the methods reading the token balance, overriding the...
Fee-On-Transfer Tokens Are Not Supported
Lines of code Vulnerability details Impact The FactoryDAO suite of contracts interacts with any arbitrary ERC20 token. Because of this, there is a specific instance and likely several others where a fee-on-transfer token will not be correctly handled. PermissionlessBasicPoolFactory.fundPool will...
Malicious Promotion Creators Can Drain Token Balances
Handle leastwood Vulnerability details Impact The createPromotion allows any user to create and fund promotions for a specific number of epochs. Ticket holders are entitled to a percentage of the rewards based on their TWAB. createPromotion references a ticket address which can be controlled by t...
Dust Token Balances Cannot Be Claimed By An admin Account
Handle leastwood Vulnerability details Impact Users who have a small claim on rewards for various promotions may not feasibly be able to claim these rewards, as gas costs could outweigh the sum they receive in return. Hence, it is likely that a dust balance accrues over time for tokens allocated f...
Fee on transfer tokens do not work within the protocol
Handle tensors Vulnerability details Fee on transfer tokens transfer fewer tokens in than would be expected. This means that the protocol requests incorrect amounts when dealing with these tokens. The protocol should use stored token balances instead of transfer amounts for calculating amounts. --- The...
Test configuration carryover to production deployment limits pool users to 5
Handle 0xRajeev Vulnerability details Impact The project uses a data structure for indexing ticket tokens/users called SortitionSumTreeFactory which as explained in the overview video time 14:20-14:50 is used to capture users’ token balances in the leaves where internal nodes represent their sums...
Incompatibility with deflationary / fee-on-transfer tokens
Handle cmichel Vulnerability details Vulnerability Details The DInterest.deposit function takes a depositAmount parameter but this parameter is not the actual transferred amount for fee-on-transfer / deflationary or other rebasing tokens. Impact The actual deposited amount might be lower than the...
Reentrancy Attack
openzeppelin-solidity is vulnerable to a reentrancy attack. The vulnerability exists when an extended custom beforeTokenTransfer is invoked when burning tokens and before the send hook is externally called on the sender, while token balances are adjusted after the process, and this may cause the...