Submission Details
Severity: high
Valid

`sellProfits()` function will not work due to the missing approval

Summary

The sellProfits() function in the Fees contract is intended to swap the specified token to WETH using Uniswap's SwapRouter. The function cannot work as written because the SwapRouter contract is never approved to spend the Fees contract's balance, so the router's attempt to pull the input token fails.

Vulnerability Details

The implementation of the sellProfits function looks like this:

```solidity
function sellProfits(address _profits) public {
    require(_profits != WETH, "not allowed");
    uint256 amount = IERC20(_profits).balanceOf(address(this));
    ISwapRouter.ExactInputSingleParams memory params = ISwapRouter
        .ExactInputSingleParams({
            tokenIn: _profits,
            tokenOut: WETH,
            fee: 3000, //@audit-info Magic number
            recipient: address(this),
            deadline: block.timestamp,
            amountIn: amount,
            amountOutMinimum: 0,
            sqrtPriceLimitX96: 0
        });
    // No approve() of swapRouter for _profits precedes this call
    amount = swapRouter.exactInputSingle(params);
    IERC20(WETH).transfer(staking, IERC20(WETH).balanceOf(address(this)));
}
```

It uses the swapRouter contract's exactInputSingle method to swap the Fees contract's entire balance of the _profits token to WETH. However, the Fees contract never approves the swapRouter to spend its _profits balance. The router settles the swap by calling transferFrom on tokenIn for the caller's amountIn, and with a zero allowance that transfer fails, so the function will always revert (for any non-zero balance).

Impact

Function sellProfits() does not work: collected fee tokens can never be converted to WETH and forwarded to the staking contract, because every call reverts.

Tools Used

Manual Review

Recommendations

Approve the swapRouter to spend the _profits tokens (for the amount being swapped) before calling the exactInputSingle method.
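The corrected function, as an added illustration that is not the audited project's code: a minimal stand-in Fees contract (constructor, storage and import paths are assumptions; OpenZeppelin 5.x SafeERC20 and the Uniswap v3-periphery ISwapRouter interface are assumed) where the allowance is granted right before the swap.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {ISwapRouter} from "@uniswap/v3-periphery/contracts/interfaces/ISwapRouter.sol";

// Hypothetical minimal Fees contract; storage layout and constructor are assumed.
contract Fees {
    using SafeERC20 for IERC20;

    address public immutable WETH;
    address public immutable staking;
    ISwapRouter public immutable swapRouter;
    uint24 public constant POOL_FEE = 3000; // fee tier the report's code hard-codes

    constructor(address _weth, address _staking, ISwapRouter _swapRouter) {
        WETH = _weth;
        staking = _staking;
        swapRouter = _swapRouter;
    }

    function sellProfits(address _profits) public {
        require(_profits != WETH, "not allowed");
        uint256 amount = IERC20(_profits).balanceOf(address(this));
        if (amount == 0) return; // nothing to sell; skip a pointless zero-amount swap

        // The fix: the router pulls tokenIn with transferFrom, so it needs an
        // allowance first. forceApprove also copes with tokens (e.g. USDT-style)
        // that revert when a non-zero allowance is overwritten directly.
        IERC20(_profits).forceApprove(address(swapRouter), amount);

        ISwapRouter.ExactInputSingleParams memory params = ISwapRouter.ExactInputSingleParams({
            tokenIn: _profits,
            tokenOut: WETH,
            fee: POOL_FEE,
            recipient: address(this),
            deadline: block.timestamp,
            amountIn: amount,
            amountOutMinimum: 0,
            sqrtPriceLimitX96: 0
        });
        // The router's transferFrom now succeeds and consumes the allowance just granted.
        amount = swapRouter.exactInputSingle(params);

        // safeTransfer so a token returning false (or nothing) cannot silently fail.
        IERC20(WETH).safeTransfer(staking, IERC20(WETH).balanceOf(address(this)));
    }
}
```

Approving exactly `amount` rather than an unlimited allowance keeps the router's spending rights scoped to the swap in hand, so a router compromise or upgrade cannot drain tokens that accrue later.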
