Token-2022 Transfer Fee Bypass Remediation
How to fix Token-2022 transfer fee accounting issues.
Overview
Related Detector: Token-2022 Transfer Fee Bypass
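Exact balance comparisons fail when a Token-2022 mint charges a transfer fee, because the destination receives less than the amount sent. The fix is to compare the balance difference using inequality checks that allow for the fee deduction, or to query the fee configuration and calculate the expected received amount.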
Recommended Fix
// Use balance difference instead of exact comparison
let balance_before = destination.amount;
token_2022::transfer(ctx, amount)?;
destination.reload()?;
let received = destination.amount.checked_sub(balance_before).unwrap();
// Allow for fee deduction
require!(received > 0 && received <= amount, TransferError);
Alternative Mitigations
Query Fee Configuration
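// `received` is the balance difference, computed as in the recommended fix
let fee_config = get_transfer_fee_config(&mint)?;
let fee = fee_config.calculate_fee(amount);
// Checked subtraction, matching the balance-difference calculation
let expected_received = amount.checked_sub(fee).unwrap();
require!(received == expected_received, FeeMismatch);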
Common Mistakes
Mistake: Hardcoding Zero Fee Assumption
// WRONG: assumes no transfer fee
require!(destination.amount == balance_before + amount, Error);
Always use balance difference comparison for Token-2022 compatibility.
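The following added example, which is not code from this page or from the Token-2022 project, runs the exact-equality check from "Common Mistakes" and the fee-configuration check from "Query Fee Configuration" against the same modelled transfer. `FeeModel` and every function name are hypothetical stand-ins; the model assumes a basis-point fee rounded up and capped at a maximum, deducted from the amount sent.

```rust
// Added example: a stand-alone model, not spl-token-2022 or Anchor code.
// FeeModel and all function names are assumptions made for illustration.
struct FeeModel {
    basis_points: u16, // fee rate; 100 basis points = 1%
    maximum_fee: u64,  // cap on the fee, in token base units
}

impl FeeModel {
    // ceil(amount * basis_points / 10_000), capped at maximum_fee.
    // u64 * u16 fits in u128, so the arithmetic cannot overflow.
    fn calculate_fee(&self, amount: u64) -> u64 {
        let raw = (amount as u128 * self.basis_points as u128 + 9_999) / 10_000;
        raw.min(self.maximum_fee as u128) as u64
    }
}

// Destination balance after a transfer: the fee comes out of the amount sent.
fn balance_after_transfer(before: u64, amount: u64, fee: &FeeModel) -> Option<u64> {
    before.checked_add(amount.checked_sub(fee.calculate_fee(amount))?)
}

// The exact-equality check from "Common Mistakes".
fn naive_check(before: u64, after: u64, amount: u64) -> bool {
    before.checked_add(amount) == Some(after)
}

// Balance difference, cross-checked against the fee configuration.
// Returns the amount actually received, the value a program should credit.
fn fee_aware_check(before: u64, after: u64, amount: u64, fee: &FeeModel) -> Result<u64, &'static str> {
    let received = after.checked_sub(before).ok_or("balance decreased")?;
    let expected = amount.checked_sub(fee.calculate_fee(amount)).ok_or("fee exceeds amount")?;
    if received != expected {
        return Err("fee mismatch");
    }
    Ok(received)
}

fn main() {
    // Constructed values: 1% fee capped at 5_000 base units.
    let fee = FeeModel { basis_points: 100, maximum_fee: 5_000 };
    let (before, amount) = (1_000_000u64, 250_001u64);
    let after = balance_after_transfer(before, amount, &fee).unwrap();
    println!("naive check passes: {}", naive_check(before, after, amount));
    println!("fee-aware result: {:?}", fee_aware_check(before, after, amount, &fee));
}
```

With a zero-fee configuration both checks agree, which is why the exact comparison tends to pass in tests and fail only once a fee-bearing mint is used.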