[M14] Missing approval in Mangetar's `_lockOnTOB` function results in broken functionality

[c4-bot-1]

Lines of code

https://github.com/Tapioca-DAO/tapioca-periph/blob/032396f701be935b04a7e5cf3cb40a0136259dbc/contracts/Magnetar/modules/MagnetarMintCommonModule.sol#L116-L117

Vulnerability details

Impact

The function _lockOnTOB is used to deposit SGL liquidity tokens into the yieldbox and then use them to create a lock position. The issue is that the function does not give approval to the yieldbox to use its tokens, which will lead to an insufficient allowance based revert.

The function first takes out tokens from the user with the _extractTokens function, and then tries to send them off to the yieldbox to deposit them.

_extractTokens(user, singularityAddress, fraction);
yieldBox_.depositAsset(tOLPSglAssetId, address(this), address(this), fraction, 0);

The issue is that the contract never gave approval to the yieldbox to use these tokens. So the yieldbox does not have permission to move out these tokens from the contract, and thus this function will always fail.

Proof of Concept

The lack of approval can be seen in the code itself. We can see the correct pattern being used in the other function _depositYBLendSGL, where the approval is first given out.

sglAssetAddress.safeApprove(address(yieldBox_), depositData.amount);
yieldBox_.depositAsset(sglAssetId, address(this), user, depositData.amount, 0);

The safeApprove call is missing in the _lockOnTOB function, and thus the function will always fail.

Tools Used

Manual Review

Recommended Mitigation Steps

Hand out the approval by using a safeApprove call like done in the other functions.

Assessed type

Invalid Validation

[c4-sponsor]

cryptotechmaker (sponsor) confirmed

[c4-judge]

dmvt marked the issue as duplicate of #156

[c4-judge]

dmvt marked the issue as satisfactory