20,000 USDC
Submission Details
Severity: high
Valid

Selling fee tokens for WETH is broken due to a lack of token spending allowance for the Uniswap V3 router

Summary

Fee tokens received by the Fees contract cannot be swapped for WETH because the contract never grants the Uniswap V3 router a token spending allowance.

Vulnerability Details

Received fee tokens are swapped via Uniswap V3 for WETH using the sellProfits function. However, the swap router lacks the necessary token spending allowance to perform the swap, leading to a revert of the transaction.

Fees.sol#L29

26: function sellProfits(address _profits) public {
27:     require(_profits != WETH, "not allowed");
28:     uint256 amount = IERC20(_profits).balanceOf(address(this));
29: @>
30:     ISwapRouter.ExactInputSingleParams memory params = ISwapRouter
31:         .ExactInputSingleParams({
32:             tokenIn: _profits,
33:             tokenOut: WETH,
34:             fee: 3000,
35:             recipient: address(this),
36:             deadline: block.timestamp,
37:             amountIn: amount,
38:             amountOutMinimum: 0,
39:             sqrtPriceLimitX96: 0
40:         });
41:
42:     amount = swapRouter.exactInputSingle(params);
43:     IERC20(WETH).transfer(staking, IERC20(WETH).balanceOf(address(this)));
44: }

Impact

The Uniswap V3 swap router lacks the necessary token spending allowance to perform the swap, leading to a revert of the transaction.

Tools Used

Manual Review

Recommendations

Consider adding the appropriate token approval before the swap in line 30.
