search

code-423n4 / 2024-02-spectra-findings

4 stars 2 forks source link

PrincipalToken Contract Deployment Can Be Failed Even For Valid ERC4626 #39

Closed c4-bot-10 closed 8 months ago

c4-bot-10 commented 8 months ago

Lines of code

https://github.com/code-423n4/2024-02-spectra/blob/main/src/tokens/PrincipalToken.sol#L131

Vulnerability details

Impact

PrincipalToken deployment might be failed if the IBT stores assets as ERC20 and not as an address.

Proof of Concept

In PrincipalToken.sol contract's Line no 131 assumes that IERC4626(_ibt).asset() will return address type variable all the time but that might not be the case in some scenarios, e.g. in EIP4626 they mentioned return value MUST be an EIP-20 token contract and also, 

outputs:name: assetTokenAddress
type: address

Also for the solmate's ERC4626 contract it's stores asset as ERC20 type not as an address so any contract that uses solmate ERC4626 or stores asset as ERC20 type then PrincipalToken deployment with that can be problematic. So handle the situation properly.

Tools Used

Manual Analysis

Recommended Mitigation Steps

Handle both ERC20 and address scenarios in the contract don't only expect for address type.

Assessed type

ERC4626

gzeon-c4 commented 8 months ago

ierc20 and address is the same type

c4-pre-sort commented 8 months ago

gzeon-c4 marked the issue as insufficient quality report

c4-pre-sort commented 8 months ago

gzeon-c4 marked the issue as primary issue

c4-judge commented 8 months ago

JustDravee marked the issue as unsatisfactory: Invalid