sherlock-audit / 2024-02-telcoin-platform-audit-update-judging


bughuntoor - There's no way for a swap to use both pre-owned funds and ones received from the `defiSwap` #38

Closed sherlock-admin2 closed 8 months ago

sherlock-admin2 commented 8 months ago

bughuntoor

medium

There's no way for a swap to use both pre-owned funds and ones received from the defiSwap

Summary

There's no way for a swap to use both pre-owned funds and ones received from the defiSwap

Vulnerability Detail

Let's look at the code of stablecoinSwap:

    function stablecoinSwap(
        address wallet,
        address safe,
        StablecoinSwap memory ss,
        DefiSwap memory defi
    ) external payable onlyRole(SWAPPER_ROLE) {
        // checks if it will fail
        _verifyStablecoin(wallet, safe, ss, defi);

        //eXYZ to eXYZ
        if (isXYZ(ss.origin) && isXYZ(ss.target)) {
            swapAndSend(wallet, ss);
            return;
        }

        //stablecoin swap
        if (isXYZ(ss.origin) && !isXYZ(ss.target))
            convertFromEXYZ(wallet, safe, ss);

        //defi swap: record the wallet's origin balance before and after
        uint256 iBalance = ERC20(ss.origin).balanceOf(wallet);
        if (defi.walletData.length != 0) defiSwap(wallet, safe, defi);
        uint256 fBalance = ERC20(ss.origin).balanceOf(wallet);
        //stablecoin swap: a non-zero delta replaces the caller-supplied oAmount
        if (!isXYZ(ss.origin) && isXYZ(ss.target)) {
            if (fBalance - iBalance != 0) ss.oAmount = fBalance - iBalance;
            convertToEXYZ(wallet, safe, ss);
        }
    }

In the case where there's walletData included, it performs a swap, and if there's a difference in the balances after the swap, it uses that delta for the non-stablecoin to stablecoin swap.

The problem is that ss.oAmount is overridden by that delta, making it impossible for a user to use both pre-owned and post-defiSwap funds for the same trade/swap.

Impact

value overridden

Code Snippet

https://github.com/sherlock-audit/2024-02-telcoin-platform-audit-update/blob/main/telcoin-contracts/contracts/swap/AmirX.sol#L66C1-L94C6

Tool used

Manual Review

Recommendation

Change the = to +=.
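The accounting described above, as an added example that is not code from the issue or from the Telcoin contracts: a Python model of the balance-delta logic in stablecoinSwap. It assumes (all constructed for the example) a wallet holding pre_owned units of ss.origin, a defiSwap that deposits defi_yield more units of ss.origin into the wallet, and a convertToEXYZ that pulls exactly ss.oAmount from the wallet and reverts if the balance is short. It runs both the page's `=` assignment and the recommended `+=` so the two outcomes can be compared side by side, including the no-delta branch and the case where the accumulated amount exceeds what the wallet holds.

```python
"""Model of the ss.oAmount accounting in stablecoinSwap (added example, not project code).

Constructed assumptions:
  * the wallet starts with `pre_owned` units of ss.origin;
  * defiSwap credits `defi_yield` more units of ss.origin to the wallet;
  * convertToEXYZ pulls ss.oAmount from the wallet, reverting (ValueError here)
    when the wallet does not hold enough.
"""
from dataclasses import dataclass
from typing import Tuple


@dataclass
class StablecoinSwap:
    """Only the field the issue is about; the real struct has more."""
    oAmount: int


def run_swap(pre_owned: int, defi_yield: int, requested: int,
             accumulate: bool) -> Tuple[int, int]:
    """Return (amount converted by convertToEXYZ, origin balance left in wallet).

    accumulate=False reproduces the page's `ss.oAmount = fBalance - iBalance`.
    accumulate=True models the issue's recommendation `ss.oAmount += ...`.
    """
    ss = StablecoinSwap(oAmount=requested)
    wallet_balance = pre_owned

    # iBalance = ERC20(ss.origin).balanceOf(wallet) before the defi swap
    i_balance = wallet_balance

    # defiSwap(wallet, safe, defi): modelled as a credit of defi_yield units
    wallet_balance += defi_yield

    # fBalance = ERC20(ss.origin).balanceOf(wallet) after the defi swap
    f_balance = wallet_balance

    delta = f_balance - i_balance
    if delta != 0:
        if accumulate:
            ss.oAmount += delta   # recommended: pre-owned + freshly received
        else:
            ss.oAmount = delta    # as on the page: delta replaces the request

    # convertToEXYZ(wallet, safe, ss): pull ss.oAmount from the wallet
    if ss.oAmount > wallet_balance:
        raise ValueError("convertToEXYZ would revert: insufficient ss.origin balance")
    wallet_balance -= ss.oAmount
    return ss.oAmount, wallet_balance


if __name__ == "__main__":
    # Wallet holds 100, defi swap yields 50, caller asked for 100 to be converted.
    print("page's '=' :", run_swap(100, 50, 100, accumulate=False))
    print("with '+=' :", run_swap(100, 50, 100, accumulate=True))
    print("no delta   :", run_swap(100, 0, 100, accumulate=False))
```

With the page's assignment, a wallet that held 100 and received 50 from the defi swap converts only the 50 and keeps the 100 untouched; with `+=` the full 150 is converted. When defiSwap yields nothing, the caller's oAmount is used unchanged in both variants. The accumulating variant also shows why the caller-supplied amount still has to be bounded: requesting more than the wallet holds before the defi swap makes convertToEXYZ fail in this model.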

sherlock-admin4 commented 8 months ago

2 comment(s) were left on this issue during the judging contest.

WangAudit commented:

function works as intended

takarez commented:

invalid