buyCollateral function pass a false value of skim param for adding collateral
Summary
In the buyCollateral function of BBLeverage or SGLLeverage, collateral tokens are deposited to YieldBox for the contract. However, this function calls _addCollateral with skim set to false, which will pull collateral from the user's YieldBox position.
Vulnerability Detail
buyCollateral function is used to borrow assets and swap to add collateral into the market. Although it already receives collateral shares of YieldBox after depositing, it calls _addCollateral with the skim parameter set to false.
duc
high
buyCollateral
function pass afalse
value of skim param for adding collateralSummary
In the buyCollateral function of BBLeverage or SGLLeverage, collateral tokens are deposited to YieldBox for the contract. However, this function calls
_addCollateral
with skim set to false, which will pull collateral from the user's YieldBox position.Vulnerability Detail
buyCollateral
function is used to borrow assets and swap to add collateral into the market. Although it already receives collateral shares of YieldBox after depositing, it calls_addCollateral
with theskim
parameter set to false.This results in collateral being incorrectly pulled from the user, even though the necessary tokens are already present in the contract.
Impact
Users will get losses of funds when using the
buyCollateral
function if they have enough collateral shares and allowance.Code Snippet
https://github.com/sherlock-audit/2024-02-tapioca/blob/main/Tapioca-bar/contracts/markets/bigBang/BBLeverage.sol#L109 https://github.com/sherlock-audit/2024-02-tapioca/blob/main/Tapioca-bar/contracts/markets/singularity/SGLLeverage.sol#L92
Tool used
Manual Review
Recommendation
buyCollateral
function should call_addCollateral
with theskim
parameter set to true.Duplicate of #139