Bumpy Rainbow Mustang - Mismatch between the Interface and function calls

[sherlock-admin4]

Bumpy Rainbow Mustang

High

Mismatch between the Interface and function calls

Summary

The whole protocol depends on the LOAN_TOKEN instance of OpenZeppelin's IERC20.sol interface but it's own interface was never created , function calls to these non-existent functions will always revert

Root Cause

In PredictDotLoan.sol, OpenZeppelin's IERC20 was imported and an immutable instance of it was created and named LOAN_TOKEN here, but as interfaces go, this one was not declared anywhere in the repository, therefore the only functions it has access to are the ones from IERC20.sol but the entire protocol has implemented different function calls to a non-existent interface therefore they would always revert

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

Most of the protocol's loan functionality would be inoperable as LOAN_TOKEN is meant to take all the protocols core function calls

PoC

This snippet is from PredictDotLoan.sol's _fillOrder, full function here

    function _fillOrder(Order calldata exchangeOrder, ICTFExchange exchange) private {
        LOAN_TOKEN.safeIncreaseAllowance(address(exchange), exchangeOrder.takerAmount);
        exchange.fillOrder(exchangeOrder, exchangeOrder.makerAmount);
        LOAN_TOKEN.forceApprove(address(exchange), 0);
    }

In _fillOrder above two function calls are made which are not declared in the imported IERC20.sol safeIncreaseAllowance and forceApprove so _fillOrder will always revert which would deter the protocol's overall functionality

Mitigation

Declare an actual interface for the LOAN_TOKEN that implements all the functions that were declared before.