Lines of code
https://github.com/Tapioca-DAO/tapioca-periph/blob/032396f701be935b04a7e5cf3cb40a0136259dbc/contracts/Magnetar/modules/MagnetarAssetModule.sol#L99-L106
Vulnerability details
Description
The depositRepayAndRemoveCollateralFromMarket function attempts to repay the user's loan in the market. In the case of data.depositAmount > 0, it will use the assets existing in the contract (which were deposited by the user before) to repay.

However, the Singularity.repay() function will pull YieldBox shares of the asset by using the pearlmit contract. Here is the code snippet of Singularity in the tapioca-bar gitmodule.

Because the depositRepayAndRemoveCollateralFromMarket function doesn't approve YieldBox's shares of the asset for the pearlmit contract of the market, pearlmit will be unable to pull shares from this contract. Therefore, it will revert when repaying in a Singularity market.

Impact
depositRepayAndRemoveCollateralFromMarket will be broken.
Tools Used
Manual review
Recommended Mitigation Steps
Approve the YieldBox shares of the asset for pearlmit before repaying.
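
A minimal model of the failure and of the recommended fix, added here as an illustration and not taken from the Tapioca code base. MockPearlmit, MockMarket, MockHelper and all of their functions are hypothetical stand-ins, and YieldBox share balances are folded into the pearlmit mock for brevity.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical, simplified stand-ins; these are not the Tapioca interfaces.
contract MockPearlmit {
    // YieldBox share balances, folded into this mock: holder => assetId => shares
    mapping(address => mapping(uint256 => uint256)) public sharesOf;
    // owner => operator => assetId => shares the operator may pull
    mapping(address => mapping(address => mapping(uint256 => uint256))) public allowance;

    function mint(address to, uint256 id, uint256 share) external { sharesOf[to][id] += share; }
    function approve(uint256 id, address operator, uint256 share) external { allowance[msg.sender][operator][id] = share; }

    // The caller is the operator (here: the market) pulling shares out of `from`.
    function pull(address from, uint256 id, uint256 share) external {
        require(allowance[from][msg.sender][id] >= share, "no pearlmit allowance");
        allowance[from][msg.sender][id] -= share;
        sharesOf[from][id] -= share;
        sharesOf[msg.sender][id] += share;
    }
}

contract MockMarket {
    MockPearlmit public immutable pearlmit;
    uint256 public constant ASSET_ID = 1;
    mapping(address => uint256) public debtShare;

    constructor(MockPearlmit p) { pearlmit = p; }
    function borrow(address user, uint256 share) external { debtShare[user] += share; }

    // Like the repay() described above: pulls asset shares from `from` via pearlmit.
    function repay(address from, address to, uint256 share) external {
        pearlmit.pull(from, ASSET_ID, share);
        debtShare[to] -= share;
    }
}

contract MockHelper {
    // Before: no approval, so the market's pull reverts with "no pearlmit allowance".
    function repayWithoutApproval(MockMarket m, address user, uint256 share) external {
        m.repay(address(this), user, share);
    }

    // After: approve exactly the repaid shares for the market, then repay.
    function repayWithApproval(MockMarket m, address user, uint256 share) external {
        m.pearlmit().approve(m.ASSET_ID(), address(m), share);
        m.repay(address(this), user, share);
    }
}
```

Approving only the amount being repaid means the allowance is fully consumed by the pull, so the helper leaves no standing approval that the market could use later.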
Assessed type
Other