code-423n4 / 2023-08-dopex-findings


[MEDIUM] RdpxV2Core#_purchaseOptions - Missing approval for the collateralToken will revert option purchases #2152

Closed code423n4 closed 11 months ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-08-dopex/blob/eb4d4a201b3a75dd4bddc74a34e9c42c71d0d12f/contracts/core/RdpxV2Core.sol#L919-L922 https://github.com/code-423n4/2023-08-dopex/blob/eb4d4a201b3a75dd4bddc74a34e9c42c71d0d12f/contracts/core/RdpxV2Core.sol#L855-L858 https://github.com/code-423n4/2023-08-dopex/blob/eb4d4a201b3a75dd4bddc74a34e9c42c71d0d12f/contracts/core/RdpxV2Core.sol#L471-L487 https://github.com/code-423n4/2023-08-dopex/blob/eb4d4a201b3a75dd4bddc74a34e9c42c71d0d12f/contracts/perp-vault/PerpetualAtlanticVault.sol#L288-L289

Vulnerability details

Impact

In the bond and bondWithDelegate, you can purchase Perpetual Atlantic PUT options if **putOptionsRequired=true**. However, the RdpxV2Core contract never approves the PerpetualAtlanticVault contract to spend any collateral tokens used to mint the options.

This will revert the bond and bondWithDelegate functions when trying to mint options.

Proof of Concept

  1. The admin calls setPutOptionsRequired to true
  2. Call bond or bondWithDelegate which in turn will call _purchaseOptions() which calls the purchase function inside of the PerpetualAtlanticVault contract.
  3. The following line will revert since we do not have approval to transfer from the RdpxV2Core contract:
    // Transfer premium from msg.sender to PerpetualAtlantics vault
    collateralToken.safeTransferFrom(msg.sender, address(this), premium);

Tools Used

Manual Review.

Recommended Mitigation Steps

Call the approve function to allow the PerpetualAtlanticVault contract to transfer from the RdpxV2Core contract like so:

    collateralToken.safeApprove(
      addresses.perpetualAtlanticVault,
      type(uint256).max
    );

Assessed type

Token-Transfer
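A minimal reproduction of the failure mode the report describes, written as an added example for this page rather than code from the Dopex repository. `MockCollateral`, `MockVault`, `MockCore` and the Foundry test contract are all stand-ins introduced here: the vault pulls the premium with `transferFrom(msg.sender, ...)`, so the call reverts unless the core has previously approved the vault. The second test is the check a reviewer would run before filing such a finding: read the allowance the core has granted to the vault (the triage comment in this thread states it is already the max value) and assert that the bond path succeeds.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import "forge-std/Test.sol";

// Minimal ERC20-style token with only the pieces needed to show the allowance check.
// Constructed for this example; not the project's collateral token.
contract MockCollateral {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    function mint(address to, uint256 amount) external {
        balanceOf[to] += amount;
    }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        uint256 allowed = allowance[from][msg.sender];
        // This is the revert the report predicts when no approval exists.
        require(allowed >= amount, "insufficient allowance");
        if (allowed != type(uint256).max) {
            allowance[from][msg.sender] = allowed - amount;
        }
        require(balanceOf[from] >= amount, "insufficient balance");
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Stand-in for the vault's purchase(): the premium is pulled from msg.sender,
// which is the core contract when the bond flow calls it.
contract MockVault {
    MockCollateral public immutable collateralToken;

    constructor(MockCollateral token) {
        collateralToken = token;
    }

    function purchase(uint256 premium) external {
        require(collateralToken.transferFrom(msg.sender, address(this), premium), "transfer failed");
    }
}

// Stand-in for the core contract. The constructor flag decides whether the vault
// receives the one-time max approval the report recommends.
contract MockCore {
    MockCollateral public immutable collateralToken;
    MockVault public immutable vault;

    constructor(MockCollateral token, MockVault vault_, bool approveVault) {
        collateralToken = token;
        vault = vault_;
        if (approveVault) {
            token.approve(address(vault_), type(uint256).max);
        }
    }

    // Simplified bond(): only the option-purchase step that depends on the allowance.
    function bond(uint256 premium) external {
        vault.purchase(premium);
    }
}

contract ApprovalCheckTest is Test {
    uint256 constant PREMIUM = 1 ether;

    // Without approval the vault's transferFrom reverts, as the report describes.
    function test_bondRevertsWithoutApproval() public {
        MockCollateral token = new MockCollateral();
        MockVault vault = new MockVault(token);
        MockCore core = new MockCore(token, vault, false);
        token.mint(address(core), PREMIUM);

        vm.expectRevert(bytes("insufficient allowance"));
        core.bond(PREMIUM);
    }

    // With the max approval in place the same call succeeds; the allowance read is
    // the check that distinguishes a real missing approval from a false positive.
    function test_bondSucceedsWithMaxApproval() public {
        MockCollateral token = new MockCollateral();
        MockVault vault = new MockVault(token);
        MockCore core = new MockCore(token, vault, true);
        token.mint(address(core), PREMIUM);

        assertEq(token.allowance(address(core), address(vault)), type(uint256).max);
        core.bond(PREMIUM);
        assertEq(token.balanceOf(address(vault)), PREMIUM);
        // A max allowance is not decremented by the transfer in this mock.
        assertEq(token.allowance(address(core), address(vault)), type(uint256).max);
    }
}
```

Run with `forge test` in a Foundry project that has `forge-std` installed. Against a real deployment the equivalent check is a single `allowance(core, vault)` read on the collateral token; if it already returns the max value, the revert in the proof of concept cannot occur.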

bytes032 commented 1 year ago

It has max approval

c4-pre-sort commented 1 year ago

bytes032 marked the issue as low quality report

c4-judge commented 11 months ago

GalloDaSballo marked the issue as unsatisfactory: Invalid