this line captures the initial balance of the user's ss.origin token (the token the user is going to swap from) before any operation happens. It does this by calling the balanceOf function
if (defi.walletData.length != 0) _defiSwap(wallet, defi);
If there is a DeFi swap, the function _defiSwap(wallet, defi) is called
After performing the DeFi swap this line captures the final balance of ss.origin token after the swap. The idea is to check how the balance has changed as a result of the operation
This line calculates the difference between the final balance (fBalance) and the initial balance (iBalance). This difference represents the amount of tokens spent or received due to the DeFi swap
the f balance after (increase in balance) is not updated or accounted for the amount recieved is never updated
meaning the f balance and i balance will remain the same if which will trigger this line (fBalance - iBalance != 0) as a result the balance of the wallet will be wrong it wont reflect the true amount wallet received leading to wrong balance update
nikhilx0111
High
wrong balance check
Summary
This part of the code is inside the swap function, which is responsible for handling both DeFi and stablecoin swaps.
https://github.com/sherlock-audit/2024-11-telcoin/blob/main/telcoin-audit/contracts/swap/AmirX.sol#L89-L93
this line captures the initial balance of the user's ss.origin token (the token the user is going to swap from) before any operation happens. It does this by calling the balanceOf function
If there is a DeFi swap, the function _defiSwap(wallet, defi) is called
After performing the DeFi swap this line captures the final balance of ss.origin token after the swap. The idea is to check how the balance has changed as a result of the operation
This line calculates the difference between the final balance (fBalance) and the initial balance (iBalance). This difference represents the amount of tokens spent or received due to the DeFi swap
If the balance has changed (i.e., fBalance - iBalance != 0), it adjusts the amount. The oAmount represents the current balance of the wallet
however when the swap is performed
https://github.com/sherlock-audit/2024-11-telcoin/blob/main/telcoin-audit/contracts/swap/AmirX.sol#L166-L172
the f balance after (increase in balance) is not updated or accounted for the amount recieved is never updated meaning the f balance and i balance will remain the same if which will trigger this line (fBalance - iBalance != 0) as a result the balance of the wallet will be wrong it wont reflect the true amount wallet received leading to wrong balance update
Root Cause
https://github.com/sherlock-audit/2024-11-telcoin/blob/main/telcoin-audit/contracts/swap/AmirX.sol#L90-L93
https://github.com/sherlock-audit/2024-11-telcoin/blob/main/telcoin-audit/contracts/swap/AmirX.sol#L166-L171
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
not an attack
Impact
loss of funds for the wallet owner
PoC
No response
Mitigation
when swap is executed check the amount received from swap and update the f balance