Closed howlbot-integration[bot] closed 3 months ago
This is indeed a problem on the test implementations, however TransformERC20 always gives ETH as an outputToken and Uniswap_V3 always gives WETH as outputToken, so the validations in the contract are correct and not a vulnerability in the contract itself
koolexcrypto marked the issue as duplicate of #109
koolexcrypto marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2024-05-loop/blob/0dc8467ccff27230e7c0530b619524cc8401e22a/src/PrelaunchPoints.sol#L254
Vulnerability details
Impact
If a lender, for example, deposits 100 rswETH in the prelaunchPoints contract, then when they want to claim their tokens the frontend part actually calls https://api.0x.org/swap/v1/quote?buyToken=0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee&sellAmount=100&sellToken=0xFAe103DC9cf190eD75350761e95403b7b8aFa6c0&includedSources=uniswap_v3 to generate calldata, but 0x protocol always doesn't return 0x803ba26d and 0x415565b0 selectors even if the frontend forces 0x to just include uniswap_v3, and this causes some lenders to be unable to claim their tokens.
Proof of Concept
Please add this test to the PrelaunchPoints.t.sol contract and run it with this command:
forge test --match-test test_lockrswETHAndClaim -vvv --evm-version shanghai
Tools Used
Foundry, Manually
Recommended Mitigation Steps
Assessed type
Error
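An added example, not part of the original report or the project's code: a frontend pre-flight check that reads the 4-byte selector from a quote's calldata and compares it with the two selectors named in the report before a claim is submitted. The function names, the sample quotes and the assumption that the quote object carries its calldata in a `data` field are hypothetical.

```javascript
// The two selectors named in the report; every other name here is hypothetical.
const ACCEPTED_SELECTORS = new Set(["0x803ba26d", "0x415565b0"]);

// Returns the 4-byte selector as lowercase "0x........", or null if the
// calldata is not a hex string of whole bytes at least 4 bytes long.
function extractSelector(data) {
  if (typeof data !== "string") return null;
  const hex = data.trim().toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length % 2 !== 0 || hex.length < 8) {
    return null;
  }
  return "0x" + hex.slice(0, 8);
}

// quote: object with a `data` field holding the swap calldata (assumed shape).
function checkQuote(quote) {
  const selector = extractSelector(quote && quote.data);
  if (selector === null) {
    return { ok: false, selector: null, reason: "malformed calldata" };
  }
  if (!ACCEPTED_SELECTORS.has(selector)) {
    return { ok: false, selector, reason: "selector not accepted" };
  }
  return { ok: true, selector, reason: "selector accepted" };
}

// Constructed sample quotes (not real API output); arguments are zero padding.
const SAMPLE_QUOTES = [
  { label: "mixed-case, prefixed", data: "0x803BA26D" + "00".repeat(32) },
  { label: "no 0x prefix", data: "415565b0" + "00".repeat(32) },
  { label: "other selector", data: "0xdeadbeef" + "00".repeat(32) },
  { label: "truncated", data: "0x8039" },
  { label: "non-hex", data: "0x803ba26dzz" },
  { label: "missing data", data: undefined },
];

// Runs the check over a list of quotes and keeps the label with each result.
function summarize(quotes) {
  return quotes.map((q) => ({ label: q.label, ...checkQuote(q) }));
}

for (const row of summarize(SAMPLE_QUOTES)) {
  console.log(`${row.label}: ${row.ok ? "submit" : "hold"} (${row.reason})`);
}
```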