Impact
The collect_protocol_7540_F_A_9_F method of the Pools struct in lib.rs (Seawater package) collects protocol fees and uses the transfer_to_addr function to send the tokens to the recipient. However, it passes the recipient address as the first argument and the token address as the second, while transfer_to_addr in wasm_erc20.rs expects the token address first and the recipient address second. Because the arguments are in the wrong order, the tokens will not be transferred correctly to the recipient, causing a failure in the fee collection process.
Proof of Concept
The collect_protocol_7540_F_A_9_F method of the Pools struct in lib.rs (Seawater package) collects protocol fees and transfers the tokens to the recipient. It calls transfer_to_addr with the recipient address as the first argument and the token address as the second.
pkg/seawater/src/lib.rs:collect_protocol_7540_F_A_9_F-L1149-L1150
The issue arises because transfer_to_addr in wasm_erc20.rs expects the token address as its first parameter and the recipient address as its second. With the arguments passed in the wrong order, the recipient does not receive the tokens.
pkg/seawater/src/wasm_erc20.rs:transfer_to_addr-L158
/// Sends ERC20 tokens to a specific recipient.
///
/// # Side effects
/// Transfers ERC20 tokens to a recipient.
// @audit => L158
pub fn transfer_to_addr(token: Address, recipient: Address, amount: U256) -> Result<(), Error> {
    safe_transfer(token, recipient, amount)
}
To resolve this issue, collect_protocol_7540_F_A_9_F should pass the arguments to transfer_to_addr in the order the function expects.
Tools Used
Manual Review
Recommended Mitigation Steps
Modify the collect_protocol_7540_F_A_9_F method so that it passes the arguments to transfer_to_addr in the correct order: the token address first, the recipient address second, and the amount of tokens to be transferred third.
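The following added example (not code from the Seawater repository) models why the swapped call compiles and how distinct wrapper types would reject it at compile time. The in-memory ledger standing in for safe_transfer, the `pool` parameter, the `Token` and `Recipient` wrappers, `transfer_typed` and all addresses are assumptions constructed for illustration.

```rust
use std::collections::HashMap;

// Constructed stand-ins for the contract's Address and U256 types (assumptions).
type Address = [u8; 20];
type Ledger = HashMap<(Address, Address), u128>; // (token, holder) -> balance

#[derive(Clone, Copy)]
pub struct Token(pub Address);
#[derive(Clone, Copy)]
pub struct Recipient(pub Address);

/// Same parameter order as the page's transfer_to_addr: token first, recipient second.
/// `pool` (hypothetical) is the account holding the collected fees.
fn transfer_to_addr(l: &mut Ledger, pool: Address, token: Address, recipient: Address,
                    amount: u128) -> Result<(), &'static str> {
    let from = l.get_mut(&(token, pool)).ok_or("no balance for this token")?;
    *from = from.checked_sub(amount).ok_or("insufficient balance")?;
    *l.entry((token, recipient)).or_insert(0) += amount;
    Ok(())
}

/// Hardened wrapper (hypothetical): swapping Token and Recipient no longer type-checks.
fn transfer_typed(l: &mut Ledger, pool: Address, token: Token, to: Recipient,
                  amount: u128) -> Result<(), &'static str> {
    transfer_to_addr(l, pool, token.0, to.0, amount)
}

const POOL: Address = [0xAA; 20];
const TOKEN: Address = [0x01; 20];
const FEE_RECIPIENT: Address = [0x02; 20];

/// Returns (result of the swapped call, recipient balance after it,
/// recipient balance after the correctly ordered typed call).
fn demo() -> (Result<(), &'static str>, u128, u128) {
    let mut l: Ledger = HashMap::from([((TOKEN, POOL), 1_000)]);
    // Order described in the finding: accepted by the compiler, both are Address.
    let swapped = transfer_to_addr(&mut l, POOL, FEE_RECIPIENT, TOKEN, 100);
    let after_swapped = *l.get(&(TOKEN, FEE_RECIPIENT)).unwrap_or(&0);
    // transfer_typed(&mut l, POOL, Recipient(FEE_RECIPIENT), Token(TOKEN), 100); // compile error
    transfer_typed(&mut l, POOL, Token(TOKEN), Recipient(FEE_RECIPIENT), 100).unwrap();
    (swapped, after_swapped, l[&(TOKEN, FEE_RECIPIENT)])
}

fn main() {
    println!("{:?}", demo());
}
```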
Lines of code
https://github.com/code-423n4/2024-08-superposition/blob/4528c9d2dbe1550d2660dac903a8246076044905/pkg/seawater/src/lib.rs#L1149-L1150
https://github.com/code-423n4/2024-08-superposition/blob/4528c9d2dbe1550d2660dac903a8246076044905/pkg/seawater/src/wasm_erc20.rs#L158
Assessed type
Token-Transfer