buyAndReduceDebt()
function will revert while params.swapFeeBips != 0
#123
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-196
satisfactory
satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/with-backed/papr/blob/9528f2711ff0c1522076b9f93fba13f88d5bd5e6/src/PaprController.sol#L226
Vulnerability details
Impact
The
buyAndReduceDebt()
function wrongly charges swap fee fromPaprController
contract itsself rather than themsg.sender
. As normally thePaprController
contract never holds any underlying asset, so the call tobuyAndReduceDebt()
will always revert whileparams.swapFeeBips != 0
.Proof of Concept
Code and audit comments related to the vulnerability
And the test case, put it into
BuyAndReduceDebt
contract oftest\paprController\BuyAndReduceDebt.t.sol
Run
forge test --match-test testBuyAndReduceDebtWithFeeRevert
, and the resultTools Used
foundry
Recommended Mitigation Steps
The text was updated successfully, but these errors were encountered: