Protocol cannot swap WETH token if it is a collateral
Summary
The swap function is used to swap collateral tokens between themselves. The issue is if WETH is used as collateral, the function will fail.
Vulnerability Details
The swap function calls getSwapAddressFor to handle native eth.
This function basically tells the contract that if the symbol passed correspond to native ETH, then the contract rewrites the address as WETH. Later after setting up the swap parameters, the function executes one of two logics.
The issue is that if a user uses actual WETH tokens as collateral, then the function will still call executeNativeSwapAndFee instead of executeERC20SwapAndFee even though WETH is an ERC20 token. This function will then revert since it will try to send the fee amount in eth, which it doesnt have.
This call will fail since the contract doesnt actually have any eth, and has only WETH.
Impact
Loans using WETH as collateral will have broken swaps.
Tools Used
Manual Review
Recommendations
Treat NATIVE as different from WETH, like it is done in curve protocol, where native ETH is represented in the pool as 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE. This will void conflicts with WETH.
Lead Judging Commences
informational/invalid
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.