DefiToStableCoinSwap can revert due to miscalculation of tokens
Summary
In both defiToStableCoinSwap and StableCoin Swap , the amount of tokens which is going to be minted while doing the stablecoin swap is either obtain from defiSwap or will be in wallet respectively. And here if fee token would be SS.origin then there can be case amout which going to burn in stablecoin swap will be less and would always revert.
lets consider a scenario, when user use defiToStableCoinSwap for X token --> USDC --> eUSdt
then after defi swap, the amount of token he recieved some of which will be transfered as feeToken and further will be used in defi swap . Now this token too can be there as fee Currency in stable coin swap. there too some tokens will be initially transferred to stableCoinFeeSafe. So if 100 uSDC would be obtain after giving some tokens to defi swap fees and then initailly if 5 tokens will be transferred to feeSafe it would be left with 95. So only 95 would be present in wallet.
but while doing burning or safeTransferFrom ( if usdc), ss.oAmount is used which will be 100. and that amount of tokens will be not there in wallet
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
Only StableCoinSwap can be revert due to fee token is being same as ss.origin then , and fee will be given from ss.origin amount so there will be less token to burn or transfer from , so it will revert. Same can happen in DefiToStableCoin too
PoC
No response
Mitigation
Amount of tokens which is to be transfer in stablecoinSwap should be subtracted by feeAmount
0xlucky
High
DefiToStableCoinSwap can revert due to miscalculation of tokens
Summary
In both defiToStableCoinSwap and StableCoin Swap , the amount of tokens which is going to be minted while doing the stablecoin swap is either obtain from defiSwap or will be in wallet respectively. And here if fee token would be SS.origin then there can be case amout which going to burn in stablecoin swap will be less and would always revert.
Root Cause
https://github.com/sherlock-audit/2024-11-telcoin/blob/main/telcoin-audit/contracts/swap/AmirX.sol#L111C5-L128C6
https://github.com/sherlock-audit/2024-11-telcoin/blob/main/telcoin-audit/contracts/swap/AmirX.sol#L111C5-L128C6
https://github.com/sherlock-audit/2024-11-telcoin/blob/main/telcoin-audit/contracts/stablecoin/StablecoinHandler.sol#L144C4-L181C6
lets consider a scenario, when user use defiToStableCoinSwap for X token --> USDC --> eUSdt
then after defi swap, the amount of token he recieved some of which will be transfered as feeToken and further will be used in defi swap . Now this token too can be there as fee Currency in stable coin swap. there too some tokens will be initially transferred to stableCoinFeeSafe. So if 100 uSDC would be obtain after giving some tokens to defi swap fees and then initailly if 5 tokens will be transferred to feeSafe it would be left with 95. So only 95 would be present in wallet.
but while doing burning or safeTransferFrom ( if usdc), ss.oAmount is used which will be 100. and that amount of tokens will be not there in wallet
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
Only StableCoinSwap can be revert due to fee token is being same as ss.origin then , and fee will be given from ss.origin amount so there will be less token to burn or transfer from , so it will revert. Same can happen in DefiToStableCoin too
PoC
No response
Mitigation
Amount of tokens which is to be transfer in stablecoinSwap should be subtracted by feeAmount