Government NFT opening fees are burned instead of correctly distributed to holders #256
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
downgraded by judge: Judge downgraded the risk level of this issue
duplicate-649
satisfactory: satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/Trading.sol#L689
Vulnerability details
Impact
Outgoing opening fees are not being approved before calling the `GovNFT.sol: distribute()` function in `Trading.sol: _handleOpenFees()`. Thus they cannot be transferred to the Government NFT contract and will be burned during opening. This makes the NFTs not worth as much and also breaks the intended flow of funds in the protocol.
The faulty `_handleOpenFees()` function is called in:
The approval of `_tigAsset` is missing from the `Trading.sol: _handleOpenFees()` function:
The `approve()` function should be before the last line of the function above.
Here is the distribute function; notice that it doesn't revert if the transfer of funds fails, it only returns, which is why this bug is harder to notice:
Proof of Concept
This test displays the issue; please edit `test/07.Trading.js` to make this work. Also add the `govnft` and `GovNFT` variables from `test/05.GovNFT.js`.
Adding the approve function in the smart contract can be seen to affect the pending rewards in the test.
Tools Used
Manual review with Visual Studio Code
Recommended Mitigation Steps
Call `IStable(_tigAsset).approve(address(gov), type(uint).max);` before distributing the funds to NFT holders, as it is done correctly in `Trading.sol: _handleCloseFees()`.
After thinking for a while I will be submitting this as high since assets (GOV NFT rewards) can and will be lost (burned) if not fixed.
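The failure mode described in this report, as an added Solidity example that is not part of the original submission or the Tigris code: a fee sender skips `approve()` before calling a `distribute()` that swallows the failed `transferFrom`. `MockToken`, `MockGov`, `FeeSender` and the caller-side `require` are hypothetical, and the `try`/`catch` is an assumed way of modelling the "only returns" behaviour.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical stand-ins written for this example; not the Tigris contracts.
contract MockToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    function mint(address to, uint256 amt) external { balanceOf[to] += amt; }

    function approve(address spender, uint256 amt) external returns (bool) {
        allowance[msg.sender][spender] = amt;
        return true;
    }

    function transferFrom(address from, address to, uint256 amt) external returns (bool) {
        allowance[from][msg.sender] -= amt; // checked math: reverts when allowance < amt
        balanceOf[from] -= amt;
        balanceOf[to] += amt;
        return true;
    }
}

contract MockGov {
    uint256 public distributed;

    // Assumed model of the behaviour the report describes: a failed pull returns silently.
    function distribute(address token, uint256 amt) external {
        try MockToken(token).transferFrom(msg.sender, address(this), amt) {
            distributed += amt;
        } catch {
            return;
        }
    }
}

contract FeeSender {
    MockToken public immutable token;
    MockGov public immutable gov;

    constructor(MockToken t, MockGov g) { token = t; gov = g; }

    // approveFirst = false reproduces the missing approval; the require makes it revert loudly.
    function sendFees(uint256 amt, bool approveFirst) external {
        token.mint(address(this), amt);
        if (approveFirst) token.approve(address(gov), type(uint256).max);
        uint256 before = gov.distributed();
        gov.distribute(address(token), amt);
        require(gov.distributed() == before + amt, "fees not distributed");
    }
}
```

Without the `require`, `sendFees(amt, false)` succeeds and `distributed` stays unchanged, which is why a test that only checks for a successful call would not catch the missing approval.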