Closed code423n4 closed 1 year ago
https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L5C1-L5C103 #L5
The Vault.sol contract imported the draft-ERC20Permit from Openzeppelin contracts. However, the draft-ERC20Permit contract doesn't exist anymore in Openzeppelin contracts. Besides, the Vault.sol contract inherited ERC20Permit and not draft-ERC20Permit - https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L110C1-L110C70.
Functions in Vault.sol such as depositWithPermit, mintWithPermit, sponsorWithPermit, and _permit using the ERC20Permit abstract contract could throw unexpected behavior because of the wrong import.
https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L5C1-L5C103
https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L110C1-L110C70
https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L427C3-L438C1
https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L458C2-L472C4
https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L494C1-L504C4
https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L1093C1-L1105C1
Manual review
import { ERC20Permit, IERC20Permit } from "openzeppelin/token/ERC20/extensions/ERC20Permit.sol";
ERC20
https://github.com/OpenZeppelin/openzeppelin-contracts/blob/release-v4.9/contracts/token/ERC20/extensions/draft-ERC20Permit.sol
Picodes marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L5C1-L5C103 #L5
Vulnerability details
Impact
The Vault.sol contract imported the draft-ERC20Permit from Openzeppelin contracts. However, the draft-ERC20Permit contract doesn't exist anymore in Openzeppelin contracts. Besides, the Vault.sol contract inherited ERC20Permit and not draft-ERC20Permit - https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L110C1-L110C70.
Functions in Vault.sol such as depositWithPermit, mintWithPermit, sponsorWithPermit, and _permit using the ERC20Permit abstract contract could throw unexpected behavior because of the wrong import.
Proof of Concept
https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L5C1-L5C103
https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L110C1-L110C70
https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L427C3-L438C1
https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L458C2-L472C4
https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L494C1-L504C4
https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L1093C1-L1105C1
Tools Used
Manual review
Recommended Mitigation Steps
import { ERC20Permit, IERC20Permit } from "openzeppelin/token/ERC20/extensions/ERC20Permit.sol";
Assessed type
ERC20