Closed sherlock-admin3 closed 5 months ago
2 comment(s) were left on this issue during the judging contest.
z3s commented:
Invalid; _unwrap sends USDCs: if (receiver != address(this)) USDC.push(receiver, UFixed6Lib.from(amount));
FSchmoede commented:
Incorrect. USDC is pushed to receiver as part of _unwrap.
0xtenma
medium
Tokens are not pushed to account after unwrapping in MultiInvoker::_withdraw()
Summary
Tokens are not pushed to account after unwrapping in MultiInvoker::_withdraw()
Vulnerability Detail
When calling the invoke() function, we call the _update() function, and this function calls the _withdraw() function if the withdrawAmount is not 0. Now if we look at the _withdraw function, it takes three parameters, account, account and wrap, to withdraw the funds. If wrap is true, it calls the _unwrap function to unwrap DSU tokens. The issue is that it doesn't push the amount of USDC to the account address like we have done in the else block, pushing the DSU amount to the account address using DSU.push(account, UFixed18Lib.from(amount));.
MultiInvoker::_update():
From the above function we are calling MultiInvoker::_withdraw():
Impact
Withdraw won't work properly after unwrapping USDC.
Code Snippet
https://github.com/sherlock-audit/2024-05-kwenta-x-perennial-integration-update/blob/main/perennial-v2/packages/perennial-extensions/contracts/MultiInvoker.sol#L304C1-L310C6
Tool used
Manual Review
Recommendation
We recommend adding this line to send the USDC to the account.