Closed code423n4 closed 1 year ago
Lines of code
https://github.com/Tapioca-DAO/tapiocaz-audit/blob/bcf61f79464cfdc0484aa272f9f6e28d5de36a8f/contracts/Balancer.sol#L322
Vulnerability details
Impact
Rebalance may revert
Proof of Concept
The rebalance function tightly integrates with Stargate and LayerZero:
https://stargateprotocol.gitbook.io/stargate/developers/cross-chain-swap-fee
However, the swap fee is not quoted and calculated.
The swap:
https://github.com/Tapioca-DAO/tapiocaz-audit/blob/bcf61f79464cfdc0484aa272f9f6e28d5de36a8f/contracts/Balancer.sol#L321
    erc20.approve(address(router), _amount);
    router.swap(
        _dstChainId,
        _srcPoolId,
        _dstPoolId,
        _oft, //refund,
        _amount,
        _computeMinAmount(_amount, _slippage),
        _lzTxParams,
        _lzTxParams.dstNativeAddr,
        "0x"
    );
The user can easily either underpay the fee, so that the swap does not go through, or overpay the swap fee, because of the lack of swap fee estimation.
Tools Used
Manual Review
Recommended Mitigation Steps
Assessed type
Token-Transfer
minhquanym marked the issue as low quality report
Insufficient proof
dmvt marked the issue as unsatisfactory: Insufficient quality
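An added example, not code from the report or from Tapioca's repository: a hypothetical wrapper that quotes the native fee with Stargate's `quoteLayerZeroFee` before calling `swap`, and reverts with the shortfall when `msg.value` is too low. The interface is a subset of Stargate's `IStargateRouter`; the names `QuotedStargateSwap`, `SwapArgs`, `quoteFee` and `FeeTooLow` are invented here, and the tokens are assumed to be pulled from the caller.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Subset of Stargate's router interface: fee quote and swap.
interface IStargateRouter {
    struct lzTxObj { uint256 dstGasForCall; uint256 dstNativeAmount; bytes dstNativeAddr; }
    function quoteLayerZeroFee(uint16 _dstChainId, uint8 _functionType, bytes calldata _toAddress,
        bytes calldata _transferAndCallPayload, lzTxObj memory _lzTxParams)
        external view returns (uint256, uint256);
    function swap(uint16 _dstChainId, uint256 _srcPoolId, uint256 _dstPoolId,
        address payable _refundAddress, uint256 _amountLD, uint256 _minAmountLD,
        lzTxObj memory _lzTxParams, bytes calldata _to, bytes calldata _payload) external payable;
}

interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical wrapper written for this example; it is not Tapioca's Balancer.
contract QuotedStargateSwap {
    struct SwapArgs {
        uint16 dstChainId; uint256 srcPoolId; uint256 dstPoolId;
        uint256 amount; uint256 minAmount; bytes to;
    }
    uint8 private constant TYPE_SWAP_REMOTE = 1; // Stargate function type for swap()
    IStargateRouter public immutable router;
    error FeeTooLow(uint256 sent, uint256 required);

    constructor(IStargateRouter _router) { router = _router; }

    // Native fee the router quotes for this destination, recipient and gas settings.
    function quoteFee(uint16 dstChainId, bytes calldata to, IStargateRouter.lzTxObj calldata p)
        public view returns (uint256 nativeFee)
    {
        (nativeFee, ) = router.quoteLayerZeroFee(dstChainId, TYPE_SWAP_REMOTE, to, "", p);
    }

    function swapWithQuotedFee(IERC20 token, SwapArgs calldata a, IStargateRouter.lzTxObj calldata p)
        external payable
    {
        uint256 fee = quoteFee(a.dstChainId, a.to, p);
        if (msg.value < fee) revert FeeTooLow(msg.value, fee); // fail early, reporting the shortfall
        require(token.transferFrom(msg.sender, address(this), a.amount), "transferFrom failed");
        require(token.approve(address(router), a.amount), "approve failed");
        // LayerZero returns any surplus over the fee to the refund address (here the caller).
        router.swap{value: msg.value}(a.dstChainId, a.srcPoolId, a.dstPoolId,
            payable(msg.sender), a.amount, a.minAmount, p, a.to, "");
    }
}
```

A caller would read `quoteFee` off-chain first and send at least that amount as `msg.value`.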