Submission Details
Severity: high
Valid

Profits cannot be sold and are locked forever

Summary

The function Fees.sellProfits(address) swaps loan tokens for collateral tokens from liquidations using the UniswapV3 swap router. However, the Fees contract never approves the tokens to the swap router, so sellProfits(address) will always fail.

Vulnerability Details

The logic of sellProfits contains no call that approves tokens or increases the allowance:
https://github.com/Cyfrin/2023-07-beedle/blob/658e046bda8b010a5b82d2d85e824f3823602d27/src/Fees.sol#L26-L44

Impact

Loan tokens sent to the Fees contract cannot be sold and forwarded to the staking contract, so the tokens are locked in the contract forever.

Tools Used

Foundry

Recommendations

Update the function logic as shown below:

    // Contract-level directive; requires importing OpenZeppelin's SafeERC20.
    using SafeERC20 for IERC20;

    function sellProfits(address _profits) public {
        require(_profits != WETH, "not allowed");
        uint256 amount = IERC20(_profits).balanceOf(address(this));

        // Reset the allowance to zero, then approve the swap router for the full balance.
        IERC20(_profits).safeApprove(address(swapRouter), 0);
        IERC20(_profits).safeApprove(address(swapRouter), amount);

        ISwapRouter.ExactInputSingleParams memory params = ISwapRouter
            .ExactInputSingleParams({
                tokenIn: _profits,
                tokenOut: WETH,
                fee: 3000,
                recipient: address(this),
                deadline: block.timestamp,
                amountIn: amount,
                amountOutMinimum: 0,
                sqrtPriceLimitX96: 0
            });

        amount = swapRouter.exactInputSingle(params);
        // Forward the WETH received from the swap to the staking contract.
        IERC20(WETH).transfer(staking, IERC20(WETH).balanceOf(address(this)));
    }
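The following Foundry test is an added example, not part of the submission or the Beedle code base. It reproduces the missing-allowance revert and the effect of approving first; MockToken, MockRouter, Seller and the approveFirst flag are hypothetical stand-ins, and the router is reduced to the single step that matters here, pulling tokenIn from its caller.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;
import "forge-std/Test.sol";

// Constructed minimal token: transferFrom enforces the allowance as a standard ERC20 does.
contract MockToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    function mint(address to, uint256 amt) external { balanceOf[to] += amt; }
    function approve(address spender, uint256 amt) external { allowance[msg.sender][spender] = amt; }
    function transferFrom(address from, address to, uint256 amt) external {
        allowance[from][msg.sender] -= amt; // underflow reverts when nothing was approved
        balanceOf[from] -= amt;
        balanceOf[to] += amt;
    }
}

// Hypothetical stand-in for the swap router: it pulls tokenIn from its caller.
contract MockRouter {
    function swap(MockToken tokenIn, uint256 amt) external {
        tokenIn.transferFrom(msg.sender, address(this), amt);
    }
}

// Simplified seller; approveFirst selects the recommended behaviour over the reported one.
contract Seller {
    function sell(MockRouter r, MockToken t, bool approveFirst) external {
        uint256 amt = t.balanceOf(address(this));
        if (approveFirst) t.approve(address(r), amt);
        r.swap(t, amt);
    }
}

contract AllowanceTest is Test {
    MockToken token = new MockToken();
    MockRouter router = new MockRouter();
    Seller seller = new Seller();

    function setUp() public { token.mint(address(seller), 100e18); }

    function test_SellNeedsRouterAllowance() public {
        vm.expectRevert(); // no approval: the router's transferFrom finds zero allowance
        seller.sell(router, token, false);
        assertEq(token.balanceOf(address(seller)), 100e18); // tokens stay in the contract
        seller.sell(router, token, true); // approval first: the pull succeeds
        assertEq(token.balanceOf(address(router)), 100e18);
    }
}
```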
