Description

The auction contracts assume that when an ERC20 bid is placed, the full bid amount is received by the contract. This assumption does not hold for fee-on-transfer or deflationary ERC20 tokens, where part of the amount is burned or sent as a fee during transfer.

When such tokens are used for bidding, the contract may receive fewer tokens than expected while still accounting for the full bid amount internally.

Affected Area

All auction contracts that allow ERC20 tokens to be used as bidding tokens.

Expected Behavior

Either:

• Only standard ERC20 tokens (without transfer fees or deflation) should be supported and clearly documented, or
• Internal accounting should be based on the actual number of tokens received by the contract.

Actual Behavior

The contracts assume the requested transfer amount is fully received, with no checks or documentation around ERC20 token behavior.

Impact

• Withdrawals may fail due to insufficient contract balance
• Protocol fee calculations can become incorrect
• Funds may become partially or fully locked
• Unexpected behavior for users and integrators

Suggested Fix

Document supported ERC20 token requirements, or update the accounting logic to track the actual amount of tokens received during transfers.