search

sherlock-audit / 2024-02-tapioca-judging

3 stars 2 forks source link

bin2chen - mTOFT.wrap/unwrap incorrect permission restriction #108

Closed sherlock-admin3 closed 4 months ago

sherlock-admin3 commented 4 months ago

bin2chen

medium

mTOFT.wrap/unwrap incorrect permission restriction

Summary

mTOFT.wrap()/unwrap() It is not correct to restrict only balancers can call;

Vulnerability Detail

docs:

"mTOFT" or "Meta-tOFT" are an extension of the tOFT which act as a "liquidity reunification wrapper", for assets deployed on multiple blockchains such as mtETH. Meta tOFT offers the ability for users to deposit WETH from Ethereum, Optimism, and Arbitrum in one market via mtWETH. Wrapping ETH from any non-host chain (non-Arbitrum) bears a 0.5% mint fee in order to protect the protocol from cross chain arbitrage. Secondarily, mTOFT has a "mint cap" which caps the total amount of mtETH which can be minted at one time, which is equivalent to the usable amount in Big Bang, or equal to the mtETH Big Bang market debt ceiling.

There should be no permission restrictions on this, but at present, the restrictions can only be balancers'

    function wrap(address _fromAddress, address _toAddress, uint256 _amount)
        external
        payable
        whenNotPaused
        nonReentrant
        returns (uint256 minted)
    {
@>      if (balancers[msg.sender]) revert mTOFT_BalancerNotAuthorized();
        if (!connectedChains[_getChainId()]) revert mTOFT_NotHost();
        if (mintCap > 0) {
            if (totalSupply() + _amount > mintCap) revert mTOFT_CapNotValid();
        }
...

    function unwrap(address _toAddress, uint256 _amount) external nonReentrant whenNotPaused {
        if (!connectedChains[_getChainId()]) revert mTOFT_NotHost();
@>      if (balancers[msg.sender]) revert mTOFT_BalancerNotAuthorized();
        _unwrap(_toAddress, _amount);
    }

Impact

Wrong permission limit, other users can't execute it.

Code Snippet

https://github.com/sherlock-audit/2024-02-tapioca/blob/main/TapiocaZ/contracts/tOFT/mTOFT.sol#L294

Tool used

Manual Review

Recommendation

    function wrap(address _fromAddress, address _toAddress, uint256 _amount)
        external
        payable
        whenNotPaused
        nonReentrant
        returns (uint256 minted)
    {
-      if (balancers[msg.sender]) revert mTOFT_BalancerNotAuthorized();
        if (!connectedChains[_getChainId()]) revert mTOFT_NotHost();
        if (mintCap > 0) {
            if (totalSupply() + _amount > mintCap) revert mTOFT_CapNotValid();
        }
...

    function unwrap(address _toAddress, uint256 _amount) external nonReentrant whenNotPaused {
        if (!connectedChains[_getChainId()]) revert mTOFT_NotHost();
-      if (balancers[msg.sender]) revert mTOFT_BalancerNotAuthorized();
        _unwrap(_toAddress, _amount);
    }
cryptotechmaker commented 4 months ago

Invalid; the restriction is about balancers who cannot call it; Other users are able to do perform the actions

nevillehuang commented 3 months ago

Invalid, check is correct, anybody can execute it except for balancers