If the recipient address is not a valid token contract, the function consistently reverts, so the admin cannot collect the protocol fee.
If the recipient address is a valid token contract, the function transfers tokens from the wrong address (the recipient address instead of the intended token address).
Lines of code
https://github.com/code-423n4/2024-08-superposition/blob/main/pkg/seawater/src/lib.rs#L1149-L1150
Vulnerability details
Impact
Either way, the admin cannot collect the protocol fee.
Proof of Concept
In the collect_protocol_7540_F_A_9_F function, the erc20::transfer_to_addr function is misused. The correct parameter order for this function is (token, recipient, amount) (https://github.com/code-423n4/2024-08-superposition/blob/main/pkg/seawater/src/wasm_erc20.rs#L158), but the current implementation passes the recipient address in place of the token address.
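To illustrate both failure modes reported above, here is an added Rust model (not the project's code) of a transfer_to_addr with the documented (token, recipient, amount) order, called once with the reported argument order and once with the corrected one. Ledger, POOL, the string addresses and the collect_protocol_* helpers are constructed stand-ins for the Seawater contract state.

```rust
use std::collections::HashMap;

// Constructed stand-ins: addresses are plain strings and each token contract
// keeps a holder -> balance map; POOL is the holder of accrued protocol fees.
pub type Address = &'static str;
pub const POOL: Address = "pool";

#[derive(Debug, PartialEq)]
pub enum Error {
    NotATokenContract(Address),
    InsufficientBalance,
}

#[derive(Default)]
pub struct Ledger {
    pub tokens: HashMap<Address, HashMap<Address, u64>>,
}

impl Ledger {
    /// Register a token contract and credit the pool with `fees` of it.
    pub fn add_token(&mut self, token: Address, fees: u64) {
        self.tokens.entry(token).or_default().insert(POOL, fees);
    }

    pub fn balance(&self, token: Address, holder: Address) -> u64 {
        self.tokens.get(token).and_then(|h| h.get(holder)).copied().unwrap_or(0)
    }

    /// Same parameter order as erc20::transfer_to_addr: (token, recipient, amount).
    /// Calling into an address that is not a token contract reverts.
    pub fn transfer_to_addr(&mut self, token: Address, recipient: Address, amount: u64) -> Result<(), Error> {
        let holders = self.tokens.get_mut(token).ok_or(Error::NotATokenContract(token))?;
        let pool = holders.entry(POOL).or_insert(0);
        *pool = pool.checked_sub(amount).ok_or(Error::InsufficientBalance)?;
        *holders.entry(recipient).or_insert(0) += amount;
        Ok(())
    }
}

/// Argument order as reported: the recipient lands in the token slot.
pub fn collect_protocol_buggy(l: &mut Ledger, token: Address, recipient: Address, amount: u64) -> Result<(), Error> {
    l.transfer_to_addr(recipient, token, amount)
}

/// Corrected order: (token, recipient, amount).
pub fn collect_protocol_fixed(l: &mut Ledger, token: Address, recipient: Address, amount: u64) -> Result<(), Error> {
    l.transfer_to_addr(token, recipient, amount)
}
```

With a non-token recipient the buggy call reverts; with a recipient that is itself a token contract it succeeds but debits that token and credits the fee token's address, so the fee never reaches the admin in either case.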
Tools Used
Manual Review
Recommended Mitigation Steps
Correct the parameter order in the erc20::transfer_to_addr function calls to (token, recipient, amount).
Assessed type
Token-Transfer