Submission Details
Severity: high
Valid

`sellProfits` always reverts because the contract never approves the swap router to spend the `_profits` tokens

Summary

`sellProfits` cannot perform the swap it is written for: the `_profits` tokens held by the `Fees` contract are never approved to `swapRouter`, so the router has no allowance with which to pull them.

Vulnerability Details

`swapRouter.exactInputSingle(params)` reverts on every call. Uniswap's router does not hold the input tokens itself: when the pool calls back into the router, the router pays the pool with `safeTransferFrom(payer, pool, amountIn)`, where `payer` is the caller of `exactInputSingle` (here, `Fees`). That `transferFrom` needs an allowance from `Fees` to the router, and `sellProfits` never calls `approve`, so the allowance is zero and the transfer reverts.

File: Fees.sol

```solidity
function sellProfits(address _profits) public {
    require(_profits != WETH, "not allowed");
    uint256 amount = IERC20(_profits).balanceOf(address(this));
    // @audit - no approve: swapRouter has zero allowance for _profits
    ISwapRouter.ExactInputSingleParams memory params = ISwapRouter
        .ExactInputSingleParams({
            tokenIn: _profits,
            tokenOut: WETH,
            fee: 3000,
            recipient: address(this),
            deadline: block.timestamp,
            amountIn: amount,
            amountOutMinimum: 0,
            sqrtPriceLimitX96: 0
        });
    amount = swapRouter.exactInputSingle(params); // reverts inside the router's transferFrom
    IERC20(WETH).transfer(staking, IERC20(WETH).balanceOf(address(this)));
}
```

https://github.com/Cyfrin/2023-07-beedle/blob/658e046bda8b010a5b82d2d85e824f3823602d27/src/Fees.sol#L26

Impact

Every non-WETH token that accrues to `Fees` is stuck: `sellProfits` reverts on every call, so the fees can never be converted to WETH and forwarded to `staking`. `sellProfits` is the only function in `Fees.sol` that moves these tokens, so there is no alternative recovery path.

Tools Used

Manual review

Recommendations

Grant the router an allowance for `amount` inside `sellProfits`, immediately before calling `exactInputSingle`:

```solidity
IERC20(_profits).approve(address(swapRouter), amount);
```

Because `amount` is the contract's full balance and the swap is exact-input, the allowance is consumed in the same call and nothing is left outstanding. Note that some tokens (USDT, for example) do not return a `bool` from `approve` or reject a non-zero-to-non-zero approval; OpenZeppelin's `SafeERC20.forceApprove` handles both cases and is the safer choice if arbitrary fee tokens are expected.

Add a unit test that funds `Fees` with a non-WETH token and asserts that `sellProfits` delivers the WETH proceeds to `staking` instead of reverting.
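The following Foundry test is an added example and not part of the Beedle code base or this submission. It uses a constructed minimal ERC20 and a constructed router mock that pulls `tokenIn` with `transferFrom` the way Uniswap's `SwapRouter` does inside its swap callback; `FeesLike`, `MockToken`, `MockSwapRouter` and the `approveFirst` flag are hypothetical names introduced here so the vulnerable and fixed variants of `sellProfits` can be tested side by side.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example, not Beedle code: constructed ERC20 and router mocks used to
// show the missing-approval revert and the one-line fix in a Foundry test.
import "forge-std/Test.sol";

interface IERC20Like {
    function balanceOf(address) external view returns (uint256);
    function transfer(address, uint256) external returns (bool);
    function approve(address, uint256) external returns (bool);
    function transferFrom(address, address, uint256) external returns (bool);
}

// Minimal ERC20 with an OpenZeppelin-style allowance revert (constructed for the test).
contract MockToken is IERC20Like {
    mapping(address => uint256) public override balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    function mint(address to, uint256 amt) external { balanceOf[to] += amt; }
    function transfer(address to, uint256 amt) external override returns (bool) {
        balanceOf[msg.sender] -= amt; balanceOf[to] += amt; return true;
    }
    function approve(address spender, uint256 amt) external override returns (bool) {
        allowance[msg.sender][spender] = amt; return true;
    }
    function transferFrom(address from, address to, uint256 amt) external override returns (bool) {
        require(allowance[from][msg.sender] >= amt, "ERC20: insufficient allowance");
        allowance[from][msg.sender] -= amt;
        balanceOf[from] -= amt; balanceOf[to] += amt; return true;
    }
}

// Router mock (constructed): pulls amountIn from the caller and pays tokenOut 1:1.
contract MockSwapRouter {
    struct ExactInputSingleParams {
        address tokenIn; address tokenOut; uint24 fee; address recipient;
        uint256 deadline; uint256 amountIn; uint256 amountOutMinimum; uint160 sqrtPriceLimitX96;
    }
    function exactInputSingle(ExactInputSingleParams calldata p) external returns (uint256 amountOut) {
        // The real router pays the pool from inside uniswapV3SwapCallback with
        // safeTransferFrom(payer = msg.sender, pool, amountIn): the same allowance check.
        IERC20Like(p.tokenIn).transferFrom(msg.sender, address(this), p.amountIn);
        amountOut = p.amountIn;
        MockToken(p.tokenOut).mint(p.recipient, amountOut);
    }
}

// Copy of sellProfits; the hypothetical `approveFirst` flag toggles the one-line fix.
contract FeesLike {
    address public immutable WETH;
    address public immutable staking;
    MockSwapRouter public immutable swapRouter;
    bool private immutable approveFirst;
    constructor(address _weth, address _staking, MockSwapRouter _router, bool _approveFirst) {
        WETH = _weth; staking = _staking; swapRouter = _router; approveFirst = _approveFirst;
    }
    function sellProfits(address _profits) public {
        require(_profits != WETH, "not allowed");
        uint256 amount = IERC20Like(_profits).balanceOf(address(this));
        if (approveFirst) IERC20Like(_profits).approve(address(swapRouter), amount); // the fix
        MockSwapRouter.ExactInputSingleParams memory params = MockSwapRouter.ExactInputSingleParams({
            tokenIn: _profits, tokenOut: WETH, fee: 3000, recipient: address(this),
            deadline: block.timestamp, amountIn: amount, amountOutMinimum: 0, sqrtPriceLimitX96: 0
        });
        amount = swapRouter.exactInputSingle(params);
        IERC20Like(WETH).transfer(staking, IERC20Like(WETH).balanceOf(address(this)));
    }
}

contract SellProfitsTest is Test {
    MockToken weth = new MockToken();
    MockToken profits = new MockToken();
    MockSwapRouter router = new MockSwapRouter();
    address staking = address(0xBEEF);

    // Vulnerable variant: the router's transferFrom reverts and the fees stay stuck.
    function testRevertsWithoutApprove() public {
        FeesLike fees = new FeesLike(address(weth), staking, router, false);
        profits.mint(address(fees), 1_000e18);
        vm.expectRevert("ERC20: insufficient allowance");
        fees.sellProfits(address(profits));
        assertEq(profits.balanceOf(address(fees)), 1_000e18);
    }

    // Fixed variant: the approve lets the router pull the tokens and WETH reaches staking.
    function testSucceedsWithApprove() public {
        FeesLike fees = new FeesLike(address(weth), staking, router, true);
        profits.mint(address(fees), 1_000e18);
        fees.sellProfits(address(profits));
        assertEq(profits.balanceOf(address(fees)), 0);
        assertEq(weth.balanceOf(staking), 1_000e18);
    }
}
```

Run with `forge test --match-contract SellProfitsTest -vv`. The router mock deliberately keeps only the allowance-dependent behaviour of the real `SwapRouter` (pull `amountIn` from `msg.sender`, deliver `tokenOut` to `recipient`), which is enough to reproduce the revert without a fork; a fork test against the real router and a real pool would exercise the same `transferFrom` path.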
