20,000 USDC
Submission Details
Severity: high
Valid

Token spending by Uniswap router doesn't get approved

Summary

Tokens do not get approved to be spent by the Uniswap router, which will always make sellProfits revert and lock any tokens sent to this contract in the process.

Vulnerability Details

In Fees.sol, sellProfits does not approve tokens to be spent by the Uniswap router. As a result, every call to sellProfits reverts, and all tokens sent to the contract are locked forever.

    function sellProfits(address _profits) public {
        require(_profits != WETH, "not allowed");
        uint256 amount = IERC20(_profits).balanceOf(address(this));
        ISwapRouter.ExactInputSingleParams memory params = ISwapRouter
            .ExactInputSingleParams({
                tokenIn: _profits,
                tokenOut: WETH,
                fee: 3000,
                recipient: address(this),
                deadline: block.timestamp,
                amountIn: amount,
                amountOutMinimum: 0,
                sqrtPriceLimitX96: 0
            });
        // @audit The tokens do not get approved
        amount = swapRouter.exactInputSingle(params);
        IERC20(WETH).transfer(staking, IERC20(WETH).balanceOf(address(this)));
    }

Impact

This issue causes any ERC20 tokens sent to the contract to be permanently frozen in it, hence the high severity of this finding.

Tools Used

Manual Review

Recommendations

Consider adding something like the following snippet to the function, just before the swap, to mitigate the issue:

    IERC20(_profits).approve(address(swapRouter), IERC20(_profits).balanceOf(address(this)));

Also, consider making the contract pull the tokens from the user when the function is called, so that even if something else makes the execution fail, the funds will still be in the user's balance.
