In OptionPositionMananger, several functions like close and sellOptions, need to call PMWithdraw, which calls PMTransfer. Then it is checked that tx.origin != user. However, smart contract wallet cannot be tx.origin, which means AA wallets will not be able to interact with the protocol.
Lines of code
https://github.com/GoodEntry-io/GoodEntryMarkets/blob/2e3d23016fadb45e188716d772cec7c2096fae01/contracts/protocol/lendingpool/LendingPool.sol.0x20#L492
Vulnerability details
In OptionPositionMananger, several functions like
close
andsellOptions
, need to callPMWithdraw
, which callsPMTransfer
. Then it is checked thattx.origin != user
. However, smart contract wallet cannot be tx.origin, which means AA wallets will not be able to interact with the protocol.I suggest we move the check to OptionPositionMananger and check
msg.sender == user
instead.Assessed type
Context