search

sherlock-audit / 2024-11-telcoin-judging

0 stars 0 forks source link

0xPhantom - Underflow in the swap function #149

Open sherlock-admin2 opened 2 weeks ago

sherlock-admin2 commented 2 weeks ago

0xPhantom

High

Underflow in the swap function

Summary

With the swap function if a user want to perform a defi swap and a stablecoin swap with the same origin token for both swaps then the call will revert because of an arithmetic underflow. The problem occur here because of no safety check if the fBalance is higher than the iBalance :

https://github.com/sherlock-audit/2024-11-telcoin/blob/main/telcoin-audit/contracts/swap/AmirX.sol#L93 It's the case if the two origin amount are the same.

Root Cause

There is a missing check in the swap function.

Internal pre-conditions

None.

External pre-conditions

none.

Attack Path

  1. a user want to perform a defi swap and a stablecoin swap with the same origin token.

Impact

the call will revert every time making this configuration impossible

PoC

Bob decide to have 20 USDC in his wallet. He want to swap with defi 10 USDC for some AAVE token. And perform a stableCoin swap of 10 USDC for 10 eUSD. after the defi swap the balance of bob is 10 USDC. 10<20 so the call will revert because of the check.

Some other cases are possible since the user using the aggregator can perform multiple swaps.

Let say bob swap 10 AAVE token for 11 USDC in the defiSwap and then swap 20 USDC for 10 Link token and 1 Link token for 2 USDC. The delta of his balance will be negative because : previousBobUSDCBalance +11 - 20 +2 <previousBobUSDCBalance since 11-20+2 == -7

Mitigation

The protocol should change add a safety check here : 

 if (fBalance > iBalance ) ss.oAmount = fBalance - iBalance;