cergyk - BaseLeverageExecutor::_swapAndTransferToSender will return wrong amount if TOFT wrapping has fees #46
Labels
Duplicate
A valid issue that is a duplicate of an issue with `Has Duplicates` label
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
cergyk
medium
BaseLeverageExecutor::_swapAndTransferToSender will return wrong amount if TOFT wrapping has fees
Summary
BaseLeverageExecutor::_swapAndTransferToSender does not account for fees which can be incurred when wrapping a TOFT. This will cause some calls in LeverageExecutors to systematically revert.
Vulnerability Detail
BaseLeverageExecutor::_swapAndTransferToSender implicitely considers that when wrapping, we get 1:1 TOFT token with regards to underlying:
https://github.com/sherlock-audit/2024-02-tapioca/blob/main/Tapioca-bar/contracts/markets/leverage/BaseLeverageExecutor.sol#L154
It returns
amountOut
which is also the input to_handleToftWrapToSender
.However we can see that wrapping can incur some fees in some cases:
https://github.com/sherlock-audit/2024-02-tapioca/blob/main/TapiocaZ/contracts/tOFT/mTOFT.sol#L300
This will cause BBLeverage/SGLLeverage functions
buyCollateral
andsellCollateral
to revert due to insufficient balancehttps://github.com/sherlock-audit/2024-02-tapioca/blob/main/Tapioca-bar/contracts/markets/leverage/SimpleLeverageExecutor.sol#L60
https://github.com/sherlock-audit/2024-02-tapioca/blob/main/Tapioca-bar/contracts/markets/bigBang/BBLeverage.sol#L144-L149
Impact
buyCollateral
andsellCollateral
will always revert for TOFT tokens having a minting feeCode Snippet
Tool used
Manual Review
Recommendation
In
_swapAndTransferToSender
, one should get the actual amount obtained from wrapping:Duplicate of #126
The text was updated successfully, but these errors were encountered: