Actors will be unable to Exchange Quote Tokens for Collateral in ERC20Pool Auctions
Summary
The current implementation of the TakerActions._take function restricts users from exchanging their quote tokens for collateral, limiting this functionality to only the ERC721 pool type. As a result, actors are unable to perform this exchange in ERC20Pool auctions.
Vulnerability Detail
The current implementation of the ERC20Pool.take function prevents actors from taking collateral from the auction in exchange for quote tokens, specifically for the ERC20 pool type. This function interacts with the TakerActions.take function, which performs various logic before internally calling the _take function. The _take function is responsible for the actual collateral take operation from the auction.
// for NFT take make sure the take flow and bond change calculation happens for the rounded collateral that can be taken
if (params_.poolType == uint8(PoolType.ERC721)) {
takeableCollateral = (takeableCollateral / 1e18) * 1e18;
}
if (params_.poolType == uint8(PoolType.ERC721)) {
// slither-disable-next-line divide-before-multiply
Impact
Actors will be unable to exchange their quote token to a borrower's collateral token during an auction due to the ERC20Pool.take function not working as expected
Tendency
medium
Actors will be unable to Exchange Quote Tokens for Collateral in ERC20Pool Auctions
Summary
The current implementation of the
TakerActions._takefunction restricts users from exchanging their quote tokens for collateral, limiting this functionality to only the ERC721 pool type. As a result, actors are unable to perform this exchange in ERC20Pool auctions.Vulnerability Detail
The current implementation of the
ERC20Pool.takefunction prevents actors from taking collateral from the auction in exchange for quote tokens, specifically for the ERC20 pool type. This function interacts with theTakerActions.takefunction, which performs various logic before internally calling the_takefunction. The_takefunction is responsible for the actual collateral take operation from the auction.Ideally, the
_takefunction should be designed to handle both the ERC721 and ERC20 pool types separately. However, the current implementation limits the functionality of_taketo only the ERC721 pool type, making it inaccessible for the ERC20 pool type. https://github.com/sherlock-audit/2023-04-ajna/blob/e2439305cc093204a0d927aac19d898f4a0edb3d/ajna-core/src/libraries/external/TakerActions.sol#L337-L402Impact
Actors will be unable to exchange their quote token to a borrower's collateral token during an auction due to the
ERC20Pool.takefunction not working as expectedCode Snippet
https://github.com/sherlock-audit/2023-04-ajna/blob/e2439305cc093204a0d927aac19d898f4a0edb3d/ajna-core/src/ERC20Pool.sol#L390-L429
https://github.com/sherlock-audit/2023-04-ajna/blob/e2439305cc093204a0d927aac19d898f4a0edb3d/ajna-core/src/libraries/external/TakerActions.sol#L200-L267
Tool used
Manual Review
Recommendation
To address this issue, the TakerActions._take function needs to be revised to support both pool types.