Closed sherlock-admin4 closed 3 months ago
KupiaSec
medium
There exists a needless validation in the flash loan callback and it blocks MetapoolRouter.swapETHForYt() in most cases.
MetapoolRouter.swapETHForYt()
MetapoolRouter.swapETHForYt() uses Balancer flash loan in order to get desired YT. In the flash loan callback, there exists a weird validation.
MetapoolRouter.sol 333: if (repayAmount > remaining) revert Errors.MetapoolRouterInsufficientETHRepay();
The user of swapETHForYt needs to send more than spent of ETH in order to get needed YT. So remaining will be nearly 0 in most cases.
swapETHForYt
spent
remaining
MetapoolRouter.sol 332: uint256 remaining = TransientStorage.tloadU256(TSLOT_CB_DATA_VALUE) - spent;
repayAmount is the amount for repaying to balancer flashloan. So the condition in line 333 holds in most cases and MetapoolRouter.swapETHForYt() will revert in most cases.
repayAmount
MetapoolRouter.swapETHForYt() doesn't work in most cases.
Manual Review
https://github.com/sherlock-audit/2024-05-napier-update/tree/main/metapool-router/src/MetapoolRouter.sol#L332-L333
Remove the validation in line 333 of MetapoolRouter.sol.
MetapoolRouter.sol
Duplicate of #36
KupiaSec
medium
MetapoolRouter.swapETHForYt() validates a wrong condition and this blocks intended workflow in most cases
Summary
There exists a needless validation in the flash loan callback and it blocks
MetapoolRouter.swapETHForYt()
in most cases.Vulnerability Detail
MetapoolRouter.swapETHForYt()
uses Balancer flash loan in order to get desired YT. In the flash loan callback, there exists a weird validation.The user of
swapETHForYt
needs to send more thanspent
of ETH in order to get needed YT. Soremaining
will be nearly 0 in most cases.repayAmount
is the amount for repaying to balancer flashloan. So the condition in line 333 holds in most cases andMetapoolRouter.swapETHForYt()
will revert in most cases.Impact
MetapoolRouter.swapETHForYt()
doesn't work in most cases.Tool used
Manual Review
Code Snippet
https://github.com/sherlock-audit/2024-05-napier-update/tree/main/metapool-router/src/MetapoolRouter.sol#L332-L333
Recommendation
Remove the validation in line 333 of
MetapoolRouter.sol
.Duplicate of #36