Closed sherlock-admin closed 1 year ago
twcctop
high
receivedAmount
BuyOrderIssuer.sol#_fillBuyOrder doesn't transfer receivedAmount, making the contract can not receive the receivedAmount token.
BuyOrderIssuer.sol#_fillBuyOrder
BuyOrderIssuer.sol#_fillBuyOrder should transfer receivedAmount to this contract, compare to SellOrderProcessor.sol#_fillOrderAccounting,
SellOrderProcessor.sol#_fillOrderAccounting
IERC20(orderRequest.paymentToken).safeTransferFrom(msg.sender, address(this), receivedAmount);
BuyOrderIssuer lack of related logic
BuyOrderIssuer can not receive receivedAmount token.
https://github.com/sherlock-audit/2023-06-dinari/blob/main/sbt-contracts/src/issuer/BuyOrderIssuer.sol#L161-L189
Manual Review
add transfer logic
twcctop
high
BuyOrderIssuer.sol#_fillBuyOrder doesn't transfer
receivedAmountSummary
BuyOrderIssuer.sol#_fillBuyOrderdoesn't transferreceivedAmount, making the contract can not receive the receivedAmount token.Vulnerability Detail
BuyOrderIssuer.sol#_fillBuyOrdershould transferreceivedAmountto this contract, compare toSellOrderProcessor.sol#_fillOrderAccounting,BuyOrderIssuer lack of related logic
Impact
BuyOrderIssuer can not receive receivedAmount token.
Code Snippet
https://github.com/sherlock-audit/2023-06-dinari/blob/main/sbt-contracts/src/issuer/BuyOrderIssuer.sol#L161-L189
Tool used
Manual Review
Recommendation
add transfer logic