20,000 USDC
Submission Details
Severity: high
Valid

Missing Token Approval for Uniswap Router

Summary

The contract may fail to perform swaps due to missing approval for the Uniswap Router to spend the tokens being swapped.

Vulnerability Details

In the sellProfits() function, the contract tries to perform a swap using the Uniswap Router but does not call the approve() function of the _profits token contract to grant the Uniswap Router permission to spend the tokens. This may prevent Uniswap from executing the swap, leading to transaction failure.

Impact

If the Uniswap Router is not granted the permission to spend the tokens, any attempts to perform a swap through the sellProfits() function will fail. This will lead to the locking of tokens within the contract.

Tools Used

Manual review

Recommendations

Add an approve() call before executing the swap, such as:
IERC20(_profits).approve(address(swapRouter), amount);
The contract that initiates the swap needs to have approved the Uniswap Router to spend the tokens being sold.
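
The recommended approval shown in context, as an added example that is not the audited project's code. It assumes a Uniswap V3 style router interface and a token whose approve() returns a bool; ProfitSellerExample, tokenOut, POOL_FEE and minOut are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
}

// Assumption: Uniswap V3 style router; the report only names "swapRouter".
interface ISwapRouter {
    struct ExactInputSingleParams {
        address tokenIn;
        address tokenOut;
        uint24 fee;
        address recipient;
        uint256 deadline;
        uint256 amountIn;
        uint256 amountOutMinimum;
        uint160 sqrtPriceLimitX96;
    }
    function exactInputSingle(ExactInputSingleParams calldata params) external payable returns (uint256);
}

contract ProfitSellerExample {
    ISwapRouter public immutable swapRouter;
    address public immutable tokenOut;      // hypothetical output token
    uint24 public constant POOL_FEE = 3000; // hypothetical fee tier

    constructor(ISwapRouter router, address out) { swapRouter = router; tokenOut = out; }

    // Without the approve() call, the router's transferFrom() on _profits finds
    // a zero allowance for this contract and the whole swap reverts.
    // Access control is omitted here to keep the example short.
    function sellProfits(address _profits, uint256 amount, uint256 minOut) external returns (uint256) {
        // Fix: grant the router an allowance for exactly the amount being sold.
        require(IERC20(_profits).approve(address(swapRouter), amount), "approve failed");
        return swapRouter.exactInputSingle(
            ISwapRouter.ExactInputSingleParams({
                tokenIn: _profits,
                tokenOut: tokenOut,
                fee: POOL_FEE,
                recipient: address(this),
                deadline: block.timestamp,
                amountIn: amount,
                amountOutMinimum: minOut, // caller-supplied slippage bound
                sqrtPriceLimitX96: 0
            })
        );
    }
}
```

Approving only the amount being sold, rather than an unlimited allowance, leaves no standing allowance on the router after the swap consumes it.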
