141345 - medium - DoS autoRedeem() to lock other users fund

Summary

The purpose of the `autoRedeem()` function is to make it easier for some users to redeem the underlying when they are not available. But this feature could be abused to DoS the function and lock users' funds.

Vulnerability Detail

If the allowance and amount are close, the griefer can send just enough PT to the victim's address to make the `if (allowance < amount)` check fail.

Impact

`autoRedeem()` function. The `autoRedeem()` function could be easily DoSed and fail.

Code Snippet

https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/Redeemer.sol#L511-L525

Tool used

Manual Review

Recommendation

`autoRedeem()` function.

Duplicate of https://github.com/sherlock-audit/2022-10-illuminate-judging/issues/205
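The griefing pattern described above, as an added illustration that is not the project's Redeemer.sol and not the report's own recommendation (which is truncated on this page): the first contract redeems a holder's whole PT balance and reverts when the approved allowance is smaller, so any unsolicited PT transfer to the holder can make the call revert; the second redeems only min(balance, allowance) and skips holders with nothing redeemable, so a third party can no longer block the batch. The interface `PtLike`, the contract names and `autoRedeemFor` are hypothetical, and the principal token is assumed to be a plain ERC20 pulled via `transferFrom`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative example only (not the project's code). Assumes the principal
// token (PT) is a plain ERC20 that the redeemer pulls from holders with
// transferFrom. Interface and contract names are hypothetical.
interface PtLike {
    function balanceOf(address owner) external view returns (uint256);
    function allowance(address owner, address spender) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Vulnerable pattern: the redeemable amount is the holder's ENTIRE balance, and
// the call reverts when the allowance is below it. Since anyone may transfer PT
// to the holder, balanceOf can be pushed above the allowance by a third party,
// after which every call for that holder (and the whole batch) reverts.
contract GriefableRedeemer {
    PtLike public immutable pt;

    constructor(PtLike _pt) { pt = _pt; }

    function autoRedeemFor(address[] calldata holders) external {
        for (uint256 i = 0; i < holders.length; ++i) {
            uint256 amount = pt.balanceOf(holders[i]);
            uint256 allowance = pt.allowance(holders[i], address(this));
            if (allowance < amount) revert("allowance below balance");
            require(pt.transferFrom(holders[i], address(this), amount), "transferFrom failed");
            // ... redemption of the underlying and payout omitted
        }
    }
}

// Hardened pattern: redeem only what the holder actually approved, i.e.
// min(balance, allowance), and skip holders with nothing redeemable instead of
// reverting. Unsolicited PT transfers no longer affect the outcome, and one
// holder with a zero allowance cannot block the rest of the batch.
contract HardenedRedeemer {
    PtLike public immutable pt;

    event Skipped(address indexed holder);

    constructor(PtLike _pt) { pt = _pt; }

    function autoRedeemFor(address[] calldata holders) external {
        for (uint256 i = 0; i < holders.length; ++i) {
            uint256 balance = pt.balanceOf(holders[i]);
            uint256 allowance = pt.allowance(holders[i], address(this));
            // Cap at the approved amount: extra tokens sent by a third party
            // simply stay in the holder's wallet.
            uint256 amount = balance < allowance ? balance : allowance;
            if (amount == 0) {
                emit Skipped(holders[i]);
                continue;
            }
            require(pt.transferFrom(holders[i], address(this), amount), "transferFrom failed");
            // ... redemption of the underlying and payout omitted
        }
    }
}
```

The defensive point is that `balanceOf` is attacker-influenced while `allowance` is not, so a revert condition that compares the two hands control of the call's success to anyone who can transfer the token; capping the amount at the allowance (or at an explicit amount the holder opted into) removes that lever.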