Depositing incorrect tokens in the BBLeverage.sellCollateral function
Summary
The sellCollateral function is used to sell a user's collateral to obtain asset shares in YieldBox to repay their loan. However, after swapping to asset tokens, the BBLeverage.sellCollateral function attempts to deposit collateral tokens into YieldBox instead of asset tokens.
Vulnerability Detail
In BBLeverage.sellCollateral function:
amountOut = leverageExecutor.getAsset(
assetId, address(collateral), address(asset), memoryData.leverageAmount, from, data
);
memoryData.shareOut = yieldBox.toShare(assetId, amountOut, false);
address(asset).safeApprove(address(yieldBox), type(uint256).max);
yieldBox.depositAsset(collateralId, address(this), address(this), 0, memoryData.shareOut); // TODO Check for rounding attack?
This function collects asset tokens by swapping in leverageExecutor.getAsset() function. However, it mistakenly uses collateralId to call yieldBox.depositAsset, causing it to attempt to deposit collateral tokens. It's a serious coding mistake in BBLeverage.sellCollateral, but it doesn't exist inSGLLeverage.sellCollateral function.
Impact
BBLeverage.sellCollateral doesn't work (core functionality broken)
duc
medium
Depositing incorrect tokens in the
BBLeverage.sellCollateral
functionSummary
The
sellCollateral
function is used to sell a user's collateral to obtain asset shares in YieldBox to repay their loan. However, after swapping to asset tokens, theBBLeverage.sellCollateral
function attempts to deposit collateral tokens into YieldBox instead of asset tokens.Vulnerability Detail
In
BBLeverage.sellCollateral
function:This function collects asset tokens by swapping in
leverageExecutor.getAsset()
function. However, it mistakenly usescollateralId
to callyieldBox.depositAsset
, causing it to attempt to deposit collateral tokens. It's a serious coding mistake inBBLeverage.sellCollateral
, but it doesn't exist inSGLLeverage.sellCollateral
function.Impact
BBLeverage.sellCollateral
doesn't work (core functionality broken)Code Snippet
https://github.com/sherlock-audit/2024-02-tapioca/blob/main/Tapioca-bar/contracts/markets/bigBang/BBLeverage.sol#L149
Tool used
Manual Review
Recommendation
Should use
assetId
instead ofcollateralId
for depositing into YieldBox inBBLeverage.sellcollateral
functionDuplicate of #42