Closed code423n4 closed 1 year ago
It's the intended mechanism as per the NATSPEC
* @notice Supply assets but without a 2-step approval process, EIP-2612
0xSorryNotSorry marked the issue as low quality report
It is not intended that MErc20Delegator implements EIP-2612, but that it accepts permits for a EIP-2612 token. Invalid finding.
alcueca marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-07-moonwell/blob/fced18035107a345c31c9a9497d0da09105df4df/src/core/MErc20Delegator.sol#L97
Vulnerability details
Impact
According to the
MTokenInterfaces
, themintWithPermit
function should be compliant with EIP-2612.Proof of Concept
It is only currently passing these params to the function:
It is expected to pass these params:
If these conditions are not met, there will be a revert.
Tools Used
Manual Review
Recommended Mitigation Steps
Please follow the instructions in the EIP-2612 standard below regarding the permit implementation.
https://eips.ethereum.org/EIPS/eip-2612
Assessed type
Other