search

hats-finance / Accumulated-finance-0x75278bcc0fa7c9e3af98654bce195eaf3bb6a784

0 stars 0 forks source link

depositWithSignature() won't work and always revert due to missing permit function in deposited asset #62

Open hats-bug-reporter[bot] opened 1 week ago

hats-bug-reporter[bot] commented 1 week ago

Github username: @0xRizwan Twitter username: 0xRizwann Submission hash (on-chain): 0x65db4f9773c0e4f7ecce60decd9cb1711a85e625ffec2b6bf429a25b1954497d Severity: medium

Description:

Title

depositWithSignature() won't work and always revert due to missing permit function in deposited asset.

Severity

Medium

Affected contracts

wrstMTRG.sol, wstARB.sol, wstDOJ.sol, wstMANTA.sol, wstMETIS.sol, wstROSE.sol, wstVLX.sol, wstZETA.sol and wstToken.sol

Vulnerability Detail

wstToken.sol is the referred contract from which the above contracts are deployed. wstToken is ERC4626 compatible. For example, in case of wstROSE.sol, it allows to deposit stROSE token and mints wstROSE tokens. This issue is with depositWithSignature() function of wstToken.sol:

    function depositWithSignature(
        uint256 assets,
        address receiver,
        uint256 deadline,
        bool approveMax,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) external nonReentrant returns (uint256 shares) {
        uint256 amount = approveMax ? type(uint256).max : assets;
        asset.permit(msg.sender, address(this), amount, deadline, v, r, s);
        return (deposit(assets, receiver));
    }

depositWithSignature() is used to deposit the assets via permit and later deposits in single transaction. depositWithSignature() will always revert and won't work as expected as the asset being permitted to address(this) i.e wstToken.sol contract does not have permit() function in its implementation. This can be checked in stToken.sol here

Therefore, assets like rstMTRG.sol, stARB.sol, stDOJ.sol, stMANTA.sol, stMETIS.sol, stROSE.sol, stVLX.sol, stZETA.sol tokens does not have permit() function to work correctly in depositWithSignature() function for depositing of stToken in vaults.

Impact

Assets can not be deposited in wstToken contracts due to missing permit() function in deposited assets as described above.

Recommendation to fix

Implement permit() function in stToken.sol and also make relevant changes in rstMTRG.sol, stARB.sol, stDOJ.sol, stMANTA.sol, stMETIS.sol, stROSE.sol, stVLX.sol, stZETA.sol contracts.

Consider below changes in stToken.sol:

1) Add this openzeppelin's ERC20Permit.sol in stToken.sol.

2) Inherit the added ERC20Permit.sol.

- contract stToken is ERC20, ERC20Burnable, Pausable, Ownable {
+ contract stToken is ERC20, ERC20Burnable, ERC20Permit, Pausable, Ownable {
    constructor(
        string memory name,
        string memory symbol,
        uint8 decimals
-     ) ERC20(name, symbol, decimals) {}
+    ) ERC20(name, symbol, decimals) ERC20Permit(name) {}

     . . . some code . . .