Open code423n4 opened 2 years ago
https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/interfaces/vendor/CTokenInterfaces.sol#L345
function mint() external payable returns (uint256);
mint() for native cToken (CEther) will return nothing, while the current CEthInterface interface defines the returns as (uint256).
mint()
CEther
CEthInterface
(uint256)
In the current implementation, the interface for CToken is used for both CEther and CErc20.
CToken
CErc20
As a result, the transaction will revert with the error: function returned an unexpected amount of data when topUp() with the native token (ETH).
function returned an unexpected amount of data
topUp()
https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/actions/topup/handlers/CompoundHandler.sol#L57-L70
CToken ctoken = cTokenRegistry.fetchCToken(underlying); uint256 initialTokens = ctoken.balanceOf(address(this)); address addr = account.addr(); if (repayDebt) { amount -= _repayAnyDebt(addr, underlying, amount, ctoken); if (amount == 0) return true; } uint256 err; if (underlying == address(0)) { err = ctoken.mint{value: amount}(amount); }
Ref:
Lines of code
https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/interfaces/vendor/CTokenInterfaces.sol#L345
Vulnerability details
https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/interfaces/vendor/CTokenInterfaces.sol#L345
mint()
for native cToken (CEther
) will return nothing, while the currentCEthInterface
interface defines the returns as(uint256)
.In the current implementation, the interface for
CToken
is used for bothCEther
andCErc20
.As a result, the transaction will revert with the error:
function returned an unexpected amount of data
whentopUp()
with the native token (ETH).https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/actions/topup/handlers/CompoundHandler.sol#L57-L70
Ref: