code-423n4 / 2021-10-slingshot-findings


BalancerV2ModuleMatic: Ensure tokenOut is not native token #38

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

hickuphh3

Vulnerability details

Impact

The executioner is designed to handle only ERC20-ERC20 token trades by modules. The Balancer V2 vault is able to automatically unwrap the wrapped native token. Hence, it is recommended to ensure that the tokenOut parameter passed into the swap() function is not the sentinel value.

The sentinel value used is the null address.

Recommended Mitigation Steps

Consider adding the following check in the function.

require(tokenOut != address(0), 'native token swap not supported');
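
An added sketch (not part of the original report and not the project's own code) showing where the recommended check sits relative to a Balancer V2 single swap. The contract name, constructor and swap() parameter list are assumptions; the IVault subset follows the public Balancer V2 Vault interface, and the module is assumed to already hold tokenIn and to have approved the vault.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal subset of the Balancer V2 Vault interface needed for a single swap.
interface IAsset {}

interface IVault {
    enum SwapKind { GIVEN_IN, GIVEN_OUT }
    struct SingleSwap {
        bytes32 poolId;
        SwapKind kind;
        IAsset assetIn;
        IAsset assetOut;
        uint256 amount;
        bytes userData;
    }
    struct FundManagement {
        address sender;
        bool fromInternalBalance;
        address payable recipient;
        bool toInternalBalance;
    }
    function swap(SingleSwap memory singleSwap, FundManagement memory funds, uint256 limit, uint256 deadline)
        external payable returns (uint256);
}

// Hypothetical module: the name and the swap() signature are assumptions for illustration.
contract ExampleBalancerV2Module {
    IVault public immutable vault;

    constructor(IVault _vault) { vault = _vault; }

    function swap(bytes32 poolId, uint256 amountIn, uint256 minOut, uint256 deadline, address tokenIn, address tokenOut)
        external returns (uint256)
    {
        // address(0) is the sentinel for the native token. Reject it before the vault
        // call so the output of the trade is always an ERC20 balance.
        require(tokenOut != address(0), 'native token swap not supported');

        IVault.SingleSwap memory s = IVault.SingleSwap(
            poolId, IVault.SwapKind.GIVEN_IN, IAsset(tokenIn), IAsset(tokenOut), amountIn, "");
        IVault.FundManagement memory f = IVault.FundManagement(
            address(this), false, payable(address(this)), false);
        // For GIVEN_IN swaps, `limit` is the minimum amount of tokenOut to receive.
        return vault.swap(s, f, minOut, deadline);
    }
}
```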