Lucene search
K

24 matches found

Code423n4
Code423n4
added 2023/12/12 12:0 a.m.26 views

Fee-on-transfer/rebasing tokens will have problems when swapping

Lines of code 110 Vulnerability details Uniswap v3 does not support rebasing or fee-on-transfer tokens so using these tokens with it will result funds getting stuck. With fee-on-transfer tokens, if the balance isn't checked, the wrong amount may be transferred out. With rebasing tokens, the...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/11/17 12:0 a.m.11 views

Creator can earn holder fee

Lines of code Vulnerability details Impact Creator can earn creator and holder as well. Proof of Concept In market.sol contract there is a buy function which cannot be used by creator of share. requireshareDataid.creator != msg.sender, "Creator cannot buy"; However, it's still possible for creato...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/11/10 12:0 a.m.10 views

No token whitelist leaves rageQuit() vulnerable to malicious ERC20 token contracts

Lines of code Vulnerability details A malicious actor can exploit the PartyGovernanceNFT.sol::rageQuit function by specifying a malicious IERC20 contract in the withdrawTokens array. The malicious contract could "donate" tokens to the proxy contract to pass the balance check here and when the...

7.8AI score
Exploits0
Code423n4
Code423n4
added 2023/07/10 12:0 a.m.16 views

the swapFrom() function allows the Fee On Transfer tokens and _setReserves doesn't revert

Lines of code Vulnerability details Impact the protocol supports the fee on transfer tokens and has implemented a special capable function for it and wants to not allow and revert the fee on transfer tokens in normal SwapFrom function as it says in comments of swapfrom function @dev MUST revert i...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/03/01 12:0 a.m.6 views

Upgraded Q -> 2 from #92 [1677633054022]

Judge has assessed an item in Issue 92 as 2 risk. The relevant finding follows: L-09 ERC4626 does not work with fee-on-transfer tokens Description The ERC4626 deposit/mint functions do not work well with fee-on-transfer tokens as the assets variable is the pre-fee amount, including the fee, where...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/12/06 12:0 a.m.10 views

Upgraded Q -> M from #366 [1670366212013]

Judge has assessed an item in Issue 366 as M risk. The relevant finding follows: 1. Not support fee-on-transfer tokens Every tokens of credit line will be transferred from lender to LineOfCredit first, then to borrower later. These 2-transfer steps will make the tax for some fee-on-transfer token...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/11/08 12:0 a.m.12 views

Any use of fee-on-transfer tokens as quote tokens in auctions will result in freeze or loss of funds for users.

Lines of code Vulnerability details Description SIZE auctions do not support fee-on-transfer tokens. The platform rejects taxed baseToken during createAuction: // Passes https://github.com/transmissions11/solmate/blob/main/src/utils/SafeTransferLib.solL9 // Transfer base tokens to auction contrac...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/06/19 12:0 a.m.11 views

_handleExecuteTransaction may not working correctly on fee-on-transfer tokens. Moreover, if it is failed, fund may be locked forever.

Lines of code Vulnerability details Impact handleExecuteTransaction may not working correctly on fee-on-transfer tokens. As duplicated fee is applied to fee on transfer token when executing a arbitrary call message passing request. Moreover, the Executor contract increase allowance on that token...

7.4AI score
Exploits0
Code423n4
Code423n4
added 2022/06/18 12:0 a.m.15 views

Fee-on-transfer support

Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer to...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/05/30 12:0 a.m.11 views

Bribe.sol is not meant to handle fee-on-transfer tokens

Lines of code Vulnerability details Impact Should a fee-on-transfer token be added as a reward token and deposited, the tokens will be locked in the Bribe contract. Voters will be unable to withdraw their rewards. Proof of Concept Tokens are deposited into the Bribe contract using...

6.5AI score
Exploits0
Code423n4
Code423n4
added 2022/05/25 12:0 a.m.14 views

ExtraRewardsDistributor deposits don’t work with fee-on transfer tokens

Lines of code Vulnerability details Impact There are ERC20 tokens that may make certain customizations to their ERC20 contracts. One type of these tokens is deflationary tokens that charge a certain fee for every safetransfer or safetransferFrom . Proof of Concept The ExtraRewardsDistributor’s...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/23 12:0 a.m.11 views

Users may lose rewards to other users if rewards are given as fee-on-transfer tokens

Lines of code Vulnerability details Impact If rewards are given in fee-on-transfer tokens, users may get no rewards, breaking functionality Med: Assets not at direct risk, but the function of the protocol or its availability could be impacted, or :::leak value with a hypothetical attack path with...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/08 12:0 a.m.9 views

Pools and trees may be underfunded for fee-on-transfer tokens

Lines of code Vulnerability details Pools, vesting trees, and airdrop trees may all be created with fee-on-transfer tokens. When each of these entities is funded by a transfer in, their internal accounting assumes they receive the full amount transferred. However, they may actually receive fewer...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/01 12:0 a.m.8 views

Fee-on-transfer tokens will mess up the internal accounting of the contract

Lines of code Vulnerability details Impact If the underlying token is a fee-on-transfer token, the amount of tokens that will be transferred to the contract isn't equal to the amount the supplyTokenTo tries to supply to the aave protocol, so the function will revert because the contract won't hav...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/04/30 12:0 a.m.8 views

Unsupported fee-on-transfer tokens

Low-01 Unsupported fee-on-transfer tokens Impact When underlyingAssetAddress is fee-on-transfer tokens, in the supplyTokenTo function, the actual amount of tokens received by the contract will be less than the depositAmount, so that the subsequent pool.supply function will fail to execute. Proof ...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/04/06 12:0 a.m.9 views

NFTLoanFacilitator: Unsupported fee-on-transfer tokens

Lines of code Vulnerability details Impact loanAssetContractAddress is specified by the user when the user creates a loan. When loanAssetContractAddress is fee-on-transfer tokens, in the lend function, the actual amount of tokens received by the contract will be less than the amount, so that the...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/02/20 12:0 a.m.65 views

ERC4626 does not work with fee-on-transfer tokens

Lines of code Vulnerability details Impact The docs/video say ERC4626.sol is in scope as its part of TurboSafe The ERC4626.deposit/mint functions do not work well with fee-on-transfer tokens as the amount variable is the pre-fee amount, including the fee, whereas the totalAssets do not include th...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2021/12/08 12:0 a.m.8 views

ERC20Vault does not support fee-on-transfer token

Handle gzeon Vulnerability details Impact ERC20Vault does not support fee-on-transfer token since it does not check the balance received by the contract. Proof of Concept for uint256 i = 0; i 0 IERC20tokensi.safeTransferFromfrom, addressthis, tokenAmountsi; actualTokenAmounts = pushtokens,...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/11/18 12:0 a.m.15 views

function mint() No Tokens Will be Transfer to _recipient

Handle Meta0xNull Vulnerability details Impact mintrecipient, amount; At the end of mint, mint seems like responsible to transfer tokens to recipient but there is no code no function of mint in this contract. Thus No Tokens Will be Transfer to recipient. recipient who do not Receive Their Tokens...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2021/10/10 12:0 a.m.7 views

Fee on transfer tokens do not work within the protocol

Handle tensors Vulnerability details Fee on transfer tokens transfer less tokens in than what would be expect. This means that the protocol request incorrect amounts when dealing with these tokens. The protocol should use stored token balances instead of transfer for calculating amounts. --- The...

6.9AI score
Exploits0
Rows per page
Query Builder