Open sherlock-admin4 opened 5 months ago
1 comment(s) were left on this issue during the judging contest.
WangAudit commented:
According to ILeverageExecutor (interface for the leverageExecutor contract), this parameter should indeed be address from, which is calldata_.from; therefore, I assume everything is in place as it should be. For the second point, as I understand, safeApprove is called correctly; the problem is that we should deposit asset, not collateral. As I understand, the 3rd point also works correctly as intended.
The protocol team fixed this issue in PR/commit https://github.com/Tapioca-DAO/Tapioca-bar/pull/359.
bin2chen
medium
buyCollateral() does not work properly
Summary
The BBLeverage.buyCollateral() function does not work as expected.
Vulnerability Detail
The implementation of BBLeverage.buyCollateral() is as follows:
The code above has several issues:
1. leverageExecutor.getCollateral() receiver should be address(this). ---> for 2nd step deposit to YB
2. address(asset).safeApprove() should use address(collateral).safeApprove().
3. yieldBox.depositAsset() receiver should be calldata_.from. ----> for next execute addCollateral(calldata.from)
Note: SGLLeverage.sol has the same issue
Impact
buyCollateral() does not work properly.
Code Snippet
https://github.com/sherlock-audit/2024-02-tapioca/blob/main/Tapioca-bar/contracts/markets/bigBang/BBLeverage.sol#L53C1-L110C6
Tool used
Manual Review
Recommendation
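Added example, not part of the report or of the Tapioca code base: a toy Python model of the three-step flow named in the Vulnerability Detail list, showing which step fails when one of the three choices deviates from what the report says it should be. It assumes plain ERC20 allowance semantics, a 1:1 YieldBox share rate, and that addCollateral takes the shares from calldata_.from; all Python names are hypothetical.

```python
# Toy model (constructed) of the flow named in the report:
# getCollateral -> approve + yieldBox.depositAsset -> addCollateral(from).
from collections import defaultdict

MARKET, YIELDBOX, USER = "address(this)", "yieldBox", "calldata_.from"

class Revert(Exception):
    pass

def buy_collateral(swap_receiver, approved_token, share_receiver, amount=100):
    """Run the flow with the given choices; return the collateral posted for USER."""
    balance = defaultdict(int)    # (token, holder) -> ERC20 balance
    allowance = defaultdict(int)  # (token, owner, spender) -> ERC20 allowance
    shares = defaultdict(int)     # holder -> YieldBox collateral shares

    # Step 1: leverageExecutor.getCollateral() sends the swapped collateral to its receiver.
    balance[("collateral", swap_receiver)] += amount

    # Step 2: the market approves YieldBox, then deposits collateral it must hold itself.
    allowance[(approved_token, MARKET, YIELDBOX)] = amount
    if allowance[("collateral", MARKET, YIELDBOX)] < amount:
        raise Revert("YieldBox has no allowance for the collateral token")
    if balance[("collateral", MARKET)] < amount:
        raise Revert("market holds no collateral to deposit")
    balance[("collateral", MARKET)] -= amount
    balance[("collateral", YIELDBOX)] += amount
    shares[share_receiver] += amount  # assumption: 1:1 share rate

    # Step 3 (assumption): addCollateral(calldata_.from) takes the shares from USER.
    if shares[USER] < amount:
        raise Revert("calldata_.from has no YieldBox shares to add")
    shares[USER] -= amount
    return amount

def outcome(**choices):
    """Start from the three values the report asks for and override any of them."""
    fixed = dict(swap_receiver=MARKET, approved_token="collateral", share_receiver=USER)
    try:
        return buy_collateral(**{**fixed, **choices})
    except Revert as err:
        return str(err)
```

Calling outcome() with no overrides models the flow the report asks for; overriding one argument at a time, for example outcome(approved_token="asset"), shows which check that single deviation trips.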