Allowance check always true in ERC5095 redeem #173
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
Lines of code
https://github.com/code-423n4/2022-06-illuminate/blob/217ddfef05bc9df5c7b94f1c3226a46ee136b57d/marketplace/ERC5095.sol#L116
Vulnerability details
Impact
In
redeem
, it is checked that the allowance is larger thanunderlyingAmount
, which is the return parameter (i.e., equal to 0 at that point). Therefore, this check is always true and there is no actual allowance check, allowing anyone to redeem for another user.Recommended Mitigation Steps
Change the
underlyingAmount
toprincipalAmount
, which is the intended parameter.The text was updated successfully, but these errors were encountered: