Closed (sherlock-admin closed this issue 2 years ago)

sherlock-admin: The admin has a method specifically for approving the transfer of principal tokens. It is to be called by the admin:

```solidity
function approve(
    address u,
    uint256 m,
    address r
) external authorized(admin) returns (bool);
```
ctf_sec (high)
In Redeemer.sol contract, allowance is not properly given to underlying contract before redeeming.
Summary
In Redeemer.sol contract, allowance is not properly given to underlying contract before redeeming.
Vulnerability Detail
Note that in Lender.sol, we have this function:
This is important because this function needs to be called properly so the underlying smart contract has allowance.
Illuminate integrates with 9 protocols. The lending flow is that the user transfers funds to Lender.sol, the lender interacts with an external contract, and the external contract transfers out the funds the user supplied and then mints something to the lender. This is the step where we need allowance.
We need to approve that an external contract can use the lender's funds.
I think the same case applies to Redeemer.sol.
When redeeming, we transfer the funds from Lender.sol to the Redeemer;
then the external contract burns the token and returns us another token. To let the external contract burn our token, we need to give proper allowance.
However, the only approve function in Redeemer.sol is:
I believe this is not sufficient: if the external contract has insufficient allowance to burn our token, redeem fails.
Impact
Let us go over an example using the Sense Finance redeem.
This is what is called for the Sense Finance redeem,
which calls:
https://github.com/sense-finance/sense-v1/blob/7b37dec129dbf207a2d2ac2469ced7c75b157691/pkg/core/src/Divider.sol#L305
Note the line:
We do not give sufficient allowance for the token to burn!!
I think the same situation applies to the rest of the redeem functions, including the Swivel, Yield, Element, Pendle, APWine, Tempus and Notional protocols, if the underlying contract burns our token or transfers out funds!
Code Snippet
https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/Redeemer.sol#L276-L324
https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/Redeemer.sol#L368-L377
Tool used
Manual Review
Recommendation
We recommend the project add the function in the Redeemer as well so the admin can give proper allowance for redeeming!
Or please approve before redeeming for each redeem operation.
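An added sketch (not Illuminate's code) of the two remedies in the recommendation: an admin-only `approve(u, m, r)` on the Redeemer mirroring the signature quoted in this thread, and an allowance check before the external call so a missing approval reverts with a clear reason instead of failing deep inside the external protocol's burn or `transferFrom`. `IExternalRedeem`, `RedeemerSketch` and the revert messages are hypothetical names chosen for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC20 surface needed here (standard ERC20 functions).
interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
    function allowance(address owner, address spender) external view returns (uint256);
}

// Hypothetical external protocol that pulls/burns the principal token
// from the caller via transferFrom, so it needs an allowance from us.
interface IExternalRedeem {
    function redeem(address token, uint256 amount) external;
}

contract RedeemerSketch {
    address public immutable admin;

    constructor(address a) { admin = a; }

    modifier authorized(address a) {
        require(msg.sender == a, "unauthorized");
        _;
    }

    // Remedy 1: admin approval method with the same shape as the one quoted
    // above, letting external contract r spend m of token u held here.
    function approve(address u, uint256 m, address r)
        external authorized(admin) returns (bool)
    {
        return IERC20(u).approve(r, m);
    }

    // Remedy 2: check the allowance before handing control to protocol r,
    // so an un-approved redeem fails here with an explicit message.
    // (Caller access control and token bookkeeping are omitted in this sketch.)
    function redeem(address u, uint256 amount, address r) external {
        require(
            IERC20(u).allowance(address(this), r) >= amount,
            "insufficient allowance for external redeem"
        );
        IExternalRedeem(r).redeem(u, amount);
    }
}
```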