Lenders might suffer losses if the ERC20 in the loan has fee on transfer

Summary

Lenders will receive less interest than expected and might even lose value

Vulnerability Detail

When repaying a loan, it only checks the amount sent, but not the amount received. The two values might differ if the ERC20 has implemented fee-on-transfer. Furthermore, a lender cannot simply increase the fees beforehand to compensate for these losses, as in the case where the token has a flat fee/ flat fee + %, the lender will suffer significantly more losses if the borrower repays the loan over numerous repayments

Impact

Lenders will receive less interest than expected and might even lose value

Code Snippet

https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2.sol#L747-#L751

Tool used

Manual Review

Recommendation

Implement logic to check the amount received by the lender to insure that no losses for them have occurred.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

094.md

094.md

Lenders might suffer losses if the ERC20 in the loan has fee on transfer

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

Files

094.md

Latest commit

History

094.md

File metadata and controls

Lenders might suffer losses if the ERC20 in the loan has fee on transfer

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation