Beginner FriendlyFoundryDeFiOracle
100 EXP
View results
Submission Details
Severity: high
Valid

Redeem fails

Summary

Cannot redeem after depositing.

Vulnerability Details

After depositing the user is unable to redeem because of wrong calculation.

function testDepositMintsAssetAndUpdatesBalanceAndFailsToRedeemIt()
public
setAllowedToken
{
AssetToken asset = thunderLoan.getAssetFromToken(tokenA);
tokenA.mint(alice, AMOUNT);
tokenA.mint(bob, AMOUNT);
vm.startPrank(alice);
tokenA.approve(address(thunderLoan), AMOUNT);
thunderLoan.deposit(tokenA, AMOUNT);
vm.stopPrank();
vm.startPrank(bob);
tokenA.approve(address(thunderLoan), AMOUNT);
thunderLoan.deposit(tokenA, AMOUNT);
vm.stopPrank();
console.log(tokenA.balanceOf(address(asset)));
console.log(asset.balanceOf(alice));
console.log(asset.balanceOf(bob));
vm.prank(alice);
thunderLoan.redeem(tokenA, asset.balanceOf(alice));
//[FAIL. Reason: ERC20: burn amount exceeds balance]
}

Impact

High

Tools Used

Manual review, foundry

Recommendations

switch

- assetToken.transferUnderlyingTo(msg.sender, amountUnderlying);
+ assetToken.transferUnderlyingTo(msg.sender, amountOfAssetToken);
Updates

Lead Judging Commences

patrickalphac Auditor
over 1 year ago
0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

can't redeem because of the update exchange rate

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.