Closed sherlock-admin closed 1 year ago
Zero address check in the constructor. Low/Informational.
Escalate for 10 USDC
submit() is a routine operation, and contrary to configuration setting level checks, have higher probability of the operational mistake. I.e. despite being onlyOwner it will be run daily/weekly, not as a once a year setup where the checks will be just moved to deploy script. The impact here is irreversible loss of principal funds. Despite being input check suggestion Med is viable for the wallet
part.
_aggregator
check in constructor is indeed low, was included here for completeness, having similar root cause.
Escalate for 10 USDC submit() is a routine operation, and contrary to configuration setting level checks, have higher probability of the operational mistake. I.e. despite being onlyOwner it will be run daily/weekly, not as a once a year setup where the checks will be just moved to deploy script. The impact here is irreversible loss of principal funds. Despite being input check suggestion Med is viable for the
wallet
part._aggregator
check in constructor is indeed low, was included here for completeness, having similar root cause.
You've created a valid escalation for 10 USDC!
To remove the escalation from consideration: Delete your comment. To change the amount you've staked on this escalation: Edit your comment (do not create a new comment).
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
Escalation rejected
Zero address check, anticipating an operational mistake from a trusted admin is not a valid medium.
Escalation rejected
Zero address check, anticipating an operational mistake from a trusted admin is not a valid medium.
This issue's escalations have been rejected!
Watsons who escalated this issue will have their escalation amount deducted from their next payout.
hyh
medium
FeeBuyback's submit can lose funds if used with zero addresses, which is allowed
Summary
It's now allowed to use FeeBuyback's submit() with zero
wallet
or zero_aggregator
, while low level calls are performed with both addresses.Vulnerability Detail
Low-level calls submit() perform will return success if used with zero addresses as the failure need to come from the contract that is being called, while zero address will not do that. In both cases no operations will be performed.
Impact
Not executing the primary swap, but paying the fee is the fund loss for an owner.
Executing the primary swap, but not paying the fee as there is no TEL on the balance is the fund loss for a recipient.
Also, when MATIC is used the native funds sent to zero address via
_aggregator.call{value: msg.value}(swapData)
end up being lost.Code Snippet
Both
_aggregator
(in constructor) andwallet
(in submit() below) aren't checked to be non-zero:https://github.com/sherlock-audit/2022-11-telcoin/blob/main/contracts/fee-buyback/FeeBuyback.sol#L28-L33
Low-level calls submit() perform will be successful if the address called (
wallet
, or_aggregator
later) is zero:https://github.com/sherlock-audit/2022-11-telcoin/blob/main/contracts/fee-buyback/FeeBuyback.sol#L35-L82
Notice, that
_telcoin.balanceOf(address(this))
is allowed to be zero, which can happen as the secondary swap become a noop when_aggregator
is zero.In this case the funds will be lost as the native funds transfer executes even if the address is zero, while for the reverting to happen the contract have to indicate this, which will not be happening.
Tool used
Manual Review
Recommendation
Control for both
_aggregator
andwallet
to be non-zero:https://github.com/sherlock-audit/2022-11-telcoin/blob/main/contracts/fee-buyback/FeeBuyback.sol#L28-L33
https://github.com/sherlock-audit/2022-11-telcoin/blob/main/contracts/fee-buyback/FeeBuyback.sol#L35-L82