Missing token approvals can result in DoS in Marketplace.sol
Summary
The setPrincipal method approves Notional but not the other protocols
Vulnerability Detail
The setPrincipal() method in Marketplace.sol calls the Lender.solapprove method for Notional, but it doesn't do the same for APWine or Element even though the approve method explicitly shows they need approvals too. This can result in a DoS if functionality is used where APWine or Element functionality that uses safeTransferFrom because it won't have the necessary approvals.
Impact
The impact will be DoS on functionality using APWine and Element in Marketplace.sol
pashov
medium
Missing token approvals can result in DoS in
Marketplace.solSummary
The
setPrincipalmethod approvesNotionalbut not the other protocolsVulnerability Detail
The
setPrincipal()method inMarketplace.solcalls theLender.solapprovemethod for Notional, but it doesn't do the same for APWine or Element even though theapprovemethod explicitly shows they need approvals too. This can result in a DoS if functionality is used where APWine or Element functionality that usessafeTransferFrombecause it won't have the necessary approvals.Impact
The impact will be DoS on functionality using APWine and Element in
Marketplace.solCode Snippet
https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/Marketplace.sol#L209
Tool used
Manual Review
Recommendation
Make the
setPrincipal()method callILender(lender).approve()for APWine & Element as wellDuplicate of #40