AGAVE: Deployment Security Audit
When an asset is deposited to the LendingPool contract, the amount the contract receives may differ from the amount deposited; in most cases it is less. This only happens with non-standard ERC20 tokens, such as deflationary or rebasing tokens. The addition of new tokens is currently tightly governed and controlled by the Protocol SAFE, but failing to perform proper due diligence on a new token, or listing an upgradable token, could introduce a non-standard ERC20 token and allow this bug to occur. The result would be an accounting error in the protocol: a mismatch between the actual deposits and the emitted aTokens.
We recommend checking the balance of the deposit token before and after the safeTransferFrom() to ensure correct accounting.
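An added example of this recommendation, not taken from the Agave code base: the deposit credits the measured balance difference instead of the requested amount. The contract name, the `credited` ledger (standing in for aToken minting) and the `minReceived` parameter are hypothetical, and OpenZeppelin's SafeERC20 library is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical minimal pool, NOT Agave's LendingPool. It only illustrates
// crediting the amount actually received rather than the amount requested.
contract BalanceCheckedPool {
    using SafeERC20 for IERC20;

    // Hypothetical ledger standing in for aToken minting: asset => user => amount.
    mapping(address => mapping(address => uint256)) public credited;

    error ReceivedLessThanMinimum(uint256 received, uint256 minimum);

    event Deposit(address indexed asset, address indexed user, uint256 requested, uint256 received);

    /// @param minReceived lowest amount the caller accepts being credited;
    ///        pass `amount` to reject any transfer shortfall outright.
    function deposit(address asset, uint256 amount, uint256 minReceived)
        external
        returns (uint256 received)
    {
        IERC20 token = IERC20(asset);

        // Measure the pool's balance on both sides of the transfer.
        uint256 balanceBefore = token.balanceOf(address(this));
        token.safeTransferFrom(msg.sender, address(this), amount);
        uint256 balanceAfter = token.balanceOf(address(this));

        // Checked arithmetic (Solidity 0.8+) reverts if the balance decreased.
        received = balanceAfter - balanceBefore;
        if (received < minReceived) {
            revert ReceivedLessThanMinimum(received, minReceived);
        }

        // Credit what arrived, not what was requested.
        credited[asset][msg.sender] += received;
        emit Deposit(asset, msg.sender, amount, received);
    }
}
```

The balance difference corrects accounting at transfer time only; a rebasing token can still change the pool's balance after the deposit, so due diligence on listed tokens remains necessary.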