Integration
medium severity
Token Integration Issues
Token integration issues arise when contracts interact with ERC-20 tokens that deviate from the standard — including fee-on-transfer tokens, rebasing tokens, and tokens with non-standard return values.
How It Works
A protocol assumes all tokens behave like standard ERC-20. When fee-on-transfer tokens are used, the received amount is less than expected. Rebasing tokens can change balances unexpectedly. Some tokens don't return booleans from transfer().
Real-World Examples
Multiple DeFi Protocols
2021
Various
Numerous protocols lost funds when users deposited fee-on-transfer tokens like USDT and the protocol received less than the amount it credited.
Code Examples
Vulnerable Code
    // VULNERABLE: Assumes transfer amount == received amount
    function deposit(address token, uint256 amount) external {
        IERC20(token).transferFrom(msg.sender, address(this), amount);
        balances[msg.sender] += amount; // Wrong if fee-on-transfer!
    }

Secure Code
    // FIXED: Check actual received amount
    function deposit(address token, uint256 amount) external {
        uint256 before = IERC20(token).balanceOf(address(this));
        IERC20(token).transferFrom(msg.sender, address(this), amount);
        uint256 received = IERC20(token).balanceOf(address(this)) - before;
        balances[msg.sender] += received; // Actual amount
    }

Prevention
- Check actual balance change after transfers for fee-on-transfer tokens
- Use SafeERC20 for safe token interactions
- Document which token types your protocol supports
- Test with non-standard tokens (USDT, rebasing tokens) before deployment
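
The first two prevention points combined, as an added example that is not code from the original page: a hypothetical TokenVault credits the measured balance change and uses a low-level call so that tokens returning no boolean from transferFrom() are still accepted. The reentrancy guard is an added assumption, needed because balance-delta accounting double-counts if a token with transfer hooks re-enters deposit().

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: TokenVault and every name in it are hypothetical, not from the page.
interface IERC20Minimal {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract TokenVault {
    mapping(address => mapping(address => uint256)) public balances; // token => user => credit
    bool private entered;

    error TransferFailed();
    error NothingReceived();
    error Reentrancy();

    // Balance-delta accounting double-counts if a token with transfer hooks
    // re-enters deposit() mid-transfer, so the measurement is guarded.
    modifier nonReentrant() {
        if (entered) revert Reentrancy();
        entered = true;
        _;
        entered = false;
    }

    function deposit(address token, uint256 amount) external nonReentrant {
        uint256 balanceBefore = IERC20Minimal(token).balanceOf(address(this));
        _safeTransferFrom(token, msg.sender, amount);
        uint256 received = IERC20Minimal(token).balanceOf(address(this)) - balanceBefore;
        if (received == 0) revert NothingReceived();
        balances[token][msg.sender] += received; // credit what arrived, not what was requested
    }

    // Low-level call: accepts tokens that return no data, rejects a revert,
    // an explicit false, or an address with no contract code.
    function _safeTransferFrom(address token, address from, uint256 amount) private {
        if (token.code.length == 0) revert TransferFailed();
        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSelector(IERC20Minimal.transferFrom.selector, from, address(this), amount)
        );
        if (!ok || (ret.length != 0 && !abi.decode(ret, (bool)))) revert TransferFailed();
    }
}
```

Rebasing tokens are not handled here: the stored credit stays fixed while the token balance moves, so they still have to be excluded or accounted for separately.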