Closed sherlock-admin closed 2 years ago
8olidity
medium
Marketplace::burn()
Marketplace::burn() Logic problem
In burn() and burnForUnderlying() of the Marketplace, the comment says transfer the underlying tokens to the pool. But the code is not the underlying token that is being sent
burn()
burnForUnderlying()
transfer the underlying tokens to the pool
Safe.transferFrom(IERC20(address(pool)), msg.sender, address(pool), a);
Here we should take IERC20(pool.base())
IERC20(pool.base())
https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/Marketplace.sol#L549
Manual Review
Safe.transferFrom(IERC20(address(pool.base())), msg.sender, address(pool), a);
8olidity
medium
Marketplace::burn()
Logic problemSummary
Marketplace::burn()
Logic problemVulnerability Detail
In
burn()
andburnForUnderlying()
of the Marketplace, the comment saystransfer the underlying tokens to the pool
. But the code is not the underlying token that is being sentHere we should take
IERC20(pool.base())
Impact
Marketplace::burn()
Logic problemCode Snippet
https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/Marketplace.sol#L549
Tool used
Manual Review
Recommendation