This repository has been archived by the owner on May 26, 2023. It is now read-only.

dipp - Insufficient support for fee-on-transfer tokens #76

Open
sherlock-admin opened this issue Nov 22, 2022 · 3 comments

@sherlock-admin
Contributor

dipp

medium

Insufficient support for fee-on-transfer tokens

Summary

The BufferBinaryPool.sol and BufferRouter.sol do not support fee-on-transfer tokens. If tokenX is a fee-on-transfer token, tokens received from users could be less than the amount specified in the transfer.

Vulnerability Detail

The initiateTrade function in BufferRouter.sol receives tokens from the user with amount set to initiateTrade's totalFee input. If tokenX is a fee-on-transfer token then the actual amount received by BufferRouter.sol is less than totalFee. When a trade is opened, the protocol will send a settlementFee to settlementFeeDisbursalContract and a premium to BufferBinaryPool.sol, where the settlementFee is calculated using the incorrect, inflated totalFee amount. When the totalFee is greater than the fee required the user is reimbursed the difference. Since the settlementFee is greater than it should be the user receives less reimbursement.

In BufferBinaryPool.sol's lock function, the premium for the order is sent from the Options contract to the Pool. The totalPremium state variable would be updated incorrectly if fee-on-transfer tokens were used.

The _provide function in BufferBinaryPool.sol receives tokenXAmount of tokenX tokens from the user and calculates the amount of shares to mint using the tokenXAmount. If fee-on-transfer tokens are used then the user would receive more shares than they should.

Impact

The protocol and users could suffer a loss of funds.

Code Snippet

BufferRouter.sol#L86-L90

BufferBinaryPool.sol#L161

BufferBinaryPool.sol#L236-L240

Tool used

Manual Review

Recommendation

Consider checking the balance of the contract before and after token transfers and using instead of the amount specified in the contract.
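
The balance-before/after check from the recommendation, as an added example that is not part of the original issue and is not Buffer's code. The contract `PoolSketch`, the helper `_pull`, and the proportional share formula are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; all names here are hypothetical, not from Buffer's contracts.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract PoolSketch {
    IERC20 public immutable tokenX;
    uint256 public totalShares;
    mapping(address => uint256) public sharesOf;

    constructor(IERC20 _tokenX) {
        tokenX = _tokenX;
    }

    // Pull `amount` from `from` and return what actually arrived at this contract.
    // For a fee-on-transfer token, `received` is smaller than `amount`.
    // Production code should use a safe-transfer wrapper for tokens that return
    // no bool, and a reentrancy guard so the measured delta cannot be skewed by
    // a token that calls back during the transfer.
    function _pull(address from, uint256 amount) internal returns (uint256 received) {
        uint256 balanceBefore = tokenX.balanceOf(address(this));
        require(tokenX.transferFrom(from, address(this), amount), "transfer failed");
        received = tokenX.balanceOf(address(this)) - balanceBefore;
    }

    // Shares are priced on `received`, never on the caller-supplied amount.
    function provide(uint256 tokenXAmount) external returns (uint256 mint) {
        uint256 poolBalanceBefore = tokenX.balanceOf(address(this));
        uint256 received = _pull(msg.sender, tokenXAmount);

        // To reject fee-on-transfer tokens outright instead of accounting for them:
        // require(received == tokenXAmount, "fee-on-transfer token not supported");

        // Assumed share formula: first deposit mints 1:1, later deposits mint
        // proportionally to the pool balance held before this deposit.
        // A pool with shares outstanding but a zero balance reverts (division by zero).
        mint = totalShares == 0 ? received : (received * totalShares) / poolBalanceBefore;
        require(mint > 0, "zero shares");
        totalShares += mint;
        sharesOf[msg.sender] += mint;
    }
}
```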

@IAm0x52
Collaborator

IAm0x52 commented Nov 22, 2022

Only an issue if project intends to support fee-on-transfer tokens as underlying

@bufferfinance

Not supporting fee-on-transfer tokens for now.

@bufferfinance

Buffer won't be supporting fee-on-transfer tokens. Thus we are not fixing it.
