Closed sherlock-admin4 closed 3 months ago
The protocol team fixed this issue in PR/commit https://github.com/Tapioca-DAO/Tapioca-bar/pull/361.
Escalate
This should be a duplicate of #115, the interface used for getAsset
is wrong
Escalate
This should be a duplicate of #115, the interface used for
getAsset
is wrong
You've created a valid escalation!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
I believe they are separate issues, this seems to be an issue relating to the correct use of the interface with 6 arguments but inputting the wrong parameter whereas the other issue is talking about wrong use of interface.
I believe they are separate issues, this seems to be an issue relating to the correct use of the interface with 6 arguments but inputting the wrong parameter whereas the other issue is talking about wrong use of interface.
Yes sorry my message was a bit short, I meant since the whole set of arguments needs to be changed anyway, the fix to #115 will also most likely fix this one (which IIRC is a criteria for duplication).
I agree with @CergyK escalation, and we can duplicate them. The root of these issues is the leverageExecutor
interface, which is incorrect.
Planning to accept the escalation and duplicate with #115.
Result: Medium Duplicate of #115
bin2chen
medium
sellCollateral() using incorrect parameters when calling getAsset
Summary
sellCollateral() using incorrect parameters when calling getAsset
Vulnerability Detail
BBLeverage.sellCollateral()
the code is follows:In the function call
getAsset(assetId, address(collateral)...)
, the second parameter is passed ascollateral
, but it should actually beasset
.Impact
Incorrect usage of
getAsset()
can lead to exchange failures.Code Snippet
https://github.com/sherlock-audit/2024-02-tapioca/blob/main/Tapioca-bar/contracts/markets/bigBang/BBLeverage.sol#L144
Tool used
Manual Review
Recommendation
Duplicate of #115