Submission Details
Severity:
Redeem fails
Summary
Cannot redeem after depositing.
Vulnerability Details
After depositing the user is unable to redeem because of wrong calculation.
function testDepositMintsAssetAndUpdatesBalanceAndFailsToRedeemIt()
public
setAllowedToken
{
AssetToken asset = thunderLoan.getAssetFromToken(tokenA);
tokenA.mint(alice, AMOUNT);
tokenA.mint(bob, AMOUNT);
vm.startPrank(alice);
tokenA.approve(address(thunderLoan), AMOUNT);
thunderLoan.deposit(tokenA, AMOUNT);
vm.stopPrank();
vm.startPrank(bob);
tokenA.approve(address(thunderLoan), AMOUNT);
thunderLoan.deposit(tokenA, AMOUNT);
vm.stopPrank();
console.log(tokenA.balanceOf(address(asset)));
console.log(asset.balanceOf(alice));
console.log(asset.balanceOf(bob));
vm.prank(alice);
thunderLoan.redeem(tokenA, asset.balanceOf(alice));
//[FAIL. Reason: ERC20: burn amount exceeds balance]
}
Impact
High
Tools Used
Manual review, foundry
Recommendations
switch
- assetToken.transferUnderlyingTo(msg.sender, amountUnderlying);
+ assetToken.transferUnderlyingTo(msg.sender, amountOfAssetToken);
Updates
Lead Judging Commences
patrickalphac
over 1 year ago
0xnevi over 1 year ago
Submission Judgement Published Assigned finding tags:
can't redeem because of the update exchange rate
Rewards breakdown
nSLOC
387This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.