hats-finance / Tapioca--Lending-Engine--0x5bee198f5b060eecd86b299fdbea6b0c07c728dd


`IPearlmit.approve` and `IPearlmit.allowance` api signature isn't correct #10

Open hats-bug-reporter[bot] opened 1 month ago

hats-bug-reporter[bot] commented 1 month ago

Github username: --
Twitter username: --
Submission hash (on-chain): 0xd6ffa3f3b5644efd3a0bc9884fdbadc8e0153b0b99c7fff88c5f09fb70ded997
Severity: high

Description:

I will take `IPearlmit.allowance` as an example.

`IPearlmit.approve` and `IPearlmit.allowance` are defined in IPearlmit.sol#L36-L42:

```solidity
function approve(uint256 tokenType, address token, uint256 id, address operator, uint200 amount, uint48 expiration)
    external;

function allowance(address owner, address operator, uint256 tokenType, address token, uint256 id)
    external
    view
    returns (uint256 allowedAmount, uint256 expiration);
```

And `IPearlmit.allowance` is used in Market.sol#L419 and Market.sol#L440:

```solidity
(pearlmitAllowed,) = penrose.pearlmit().allowance(from, msg.sender, 20, address(this), 0);
```

`penrose.pearlmit()`'s type definition should be Pearlmit.sol, and `allowance` is not defined in Pearlmit.sol, but Pearlmit is inherited from PermitC, and in PermitC.sol, `IPearlmit.allowance` is defined as:

```solidity
function allowance(
    address owner,
    address operator,
    address token,
    uint256 id
) external view returns (uint256 allowedAmount, uint256 expiration) {
    return _allowance(owner, operator, token, id, ZERO_BYTES32);
}
...
function allowance(
    address owner,
    address operator,
    address token,
    uint256 id,
    bytes32 orderId
) external view returns (uint256 allowedAmount, uint256 expiration) {
    return _allowance(owner, operator, token, id, orderId);
}
```

None of the signatures matches `IPearlmit.allowance`.

The same issue happens with `IPearlmit.approve`.

Attack Scenario:

Without the correct signature, the function will revert when calling the API.

cryptotechmaker commented 1 month ago

Nothing seems off in the latest version of PermitC that we're using https://github.com/Tapioca-DAO/PermitC/blob/main/src/PermitC.sol#L264