Closed sherlock-admin2 closed 6 months ago
This should be the main issue imo, duped with https://github.com/sherlock-audit/2024-02-tapioca-judging/issues/42 given that both issues happen in the same line and the narrative of being unusable is the same. The narrative would be that both issues are partially explained given that each one missed the other, though it can be explained in a common one (sellCollateral does not work).
1 comment(s) were left on this issue during the judging contest.
WangAudit commented:
refer to comments on #100
bin2chen
medium
sellCollateral() does not work properly
Summary
The
BBLeverage.sellCollateral()
function does not work as expected.Vulnerability Detail
The implementation of
BBLeverage.sellCollateral()
is as follows:The code above has several issues:
leverageExecutor.getAsset()
receiver should beaddress(this)
. ---> for next step deposit to YByieldBox.depositAsset()
receiver should befrom
. ----> for next execute _repay(from,from)Impact
sellCollateral()
does not work properly.Code Snippet
https://github.com/sherlock-audit/2024-02-tapioca/blob/main/Tapioca-bar/contracts/markets/bigBang/BBLeverage.sol#L126C1-L163C2
Tool used
Manual Review
Recommendation
Duplicate of #42