Consistently check account balance before and after transfers for Fee-On-Transfer discrepancies

[code423n4]

Lines of code

https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/ExtraRewardsDistributor.sol#L93
https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/convex-platform/contracts/contracts/Booster.sol#L404
https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/convex-platform/contracts/contracts/ConvexMasterChef.sol#L221-L225
https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/AuraBalRewardPool.sol#L146

Vulnerability details

As arbitrary ERC20 tokens can be passed, the amount here should be calculated every time to take into consideration a possible fee-on-transfer or deflation.
Also, it's a good practice for the future of the solution.

Affected code:

contracts/ExtraRewardsDistributor.sol:
  93:         IERC20(_token).safeTransferFrom(msg.sender, address(this), _amount);

convex-platform/contracts/contracts/Booster.sol:
  404:         IERC20(lptoken).safeTransferFrom(msg.sender, staker, _amount);

convex-platform/contracts/contracts/ConvexMasterChef.sol:
  221:         pool.lpToken.safeTransferFrom(
  222              address(msg.sender),
  223              address(this),
  224              _amount
  225          );

File: AuraBalRewardPool.sol
  146:         stakingToken.safeTransferFrom(msg.sender, address(this), _amount);

Recommended Mitigation Steps

Use the balance before and after the transfer to calculate the received amount instead of assuming that it would be equal to the amount passed as a parameter.

As a template:

        uint256 balanceBefore = ERC20(token).balanceOf(address(this));
        ERC20(token).safeTransferFrom(msg.sender, address(this), amount);
        uint256 realReceivedAmount = ERC20(token).balanceOf(address(this)) - balanceBefore;

[dmvt]

Duplicate of #176