Skip to content

Latest commit

 

History

History
42 lines (34 loc) · 1.73 KB

093.md

File metadata and controls

42 lines (34 loc) · 1.73 KB

deadrxsezzz

medium

Project breaks when a fee-on-transfer ERC20 is used as collateral

Summary

Contract states that it supports fee-on-transfer tokens, however, using such as collateral will always revert

Vulnerability Detail

When depositing tokens as collateral, they are first sent to the CollateralManager.sol contract and then to the collateralEscrow contract. The contract wrongfully assumes that the amount sent is the same as the amount received

if (collateralInfo._collateralType == CollateralType.ERC20) {
            IERC20Upgradeable(collateralInfo._collateralAddress).transferFrom(
                borrower,
                address(this),
                collateralInfo._amount
            );
            IERC20Upgradeable(collateralInfo._collateralAddress).approve(
                escrowAddress,
                collateralInfo._amount
            );
            collateralEscrow.depositAsset(
                CollateralType.ERC20,
                collateralInfo._collateralAddress,
                collateralInfo._amount,
                0
            );

In the case of a fee-on-transfer ERC-20, the amount received will be less than the amount sent. Attempting to send the same amount from the CollateralManager to the CollateralEscrow will therefore always revert.

Impact

Fee-on-transfer tokens cannot be used as collateral, although the docs state they are supported.

Code Snippet

https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/CollateralManager.sol#L326-#L341

Tool used

Manual Review

Recommendation

Check the balance before and after the tokens are received. Based on the amount received, send an according amount to the CollateralEscrow contract