zhuying - The functions about permit
won't work and always revert
#40
Labels
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
zhuying
high
The functions about
permit
won't work and always revertSummary
The functions about
permit
won't work and always revertVulnerability Detail
JalaRouter02.sol
has functions (removeLiquidityWithPermit
/removeLiquidityETHWithPermit
/removeLiquidityETHWithPermitSupportingFeeOnTransferTokens
) aboutpermit
. These functions will callpermit
function inJalaPair.sol
.JalaPair
is inherited fromJalaERC20
. AlthoughJalaERC20
is out of scope. But bothJalaPair
andJalaERC20
have nopermit
functions. So when you callremoveLiquidityWithPermit
/removeLiquidityETHWithPermit
/removeLiquidityETHWithPermitSupportingFeeOnTransferTokens
, it will always revert.POC
Add this test function in
JalaRouter02.t.sol
.Impact
We can't remove liquidity by using
permit
.Code Snippet
https://github.com/sherlock-audit/2024-02-jala-swap/blob/main/jalaswap-dex-contract/contracts/JalaRouter02.sol#L150-L167
https://github.com/sherlock-audit/2024-02-jala-swap/blob/main/jalaswap-dex-contract/contracts/JalaRouter02.sol#L169-L185
https://github.com/sherlock-audit/2024-02-jala-swap/blob/main/jalaswap-dex-contract/contracts/JalaRouter02.sol#L202-L225
Tool used
manual review and foundry
Recommendation
Implement
permit
function inJalaERC20
. Reference: https://github.com/Uniswap/v2-core/blob/master/contracts/UniswapV2ERC20.sol.The text was updated successfully, but these errors were encountered: