MorpheusAI
MorpheusAI
Foundry
22,500 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Token spending by Uniswap router doesn't get approved

smbv1923

Summary

Tokens do not get approved to be spent by the Uniswap router, which will always make L2TokenReceiver::swap() revert and lock any tokens sent to this contract in the process.

Vulnerability Details

In L2TokenReceiver.sol, swap does not approve tokens to be spent by the Uniswap router. This will cause any call to swap to always revert upon calling and will results in all tokens sent to the contract to be locked forever.

function swap(uint256 amountIn_, uint256 amountOutMinimum_) external onlyOwner returns (uint256) {
SwapParams memory params_ = params;
ISwapRouter.ExactInputSingleParams memory swapParams_ = ISwapRouter.ExactInputSingleParams({
tokenIn: params_.tokenIn,
tokenOut: params_.tokenOut,
fee: params_.fee,
recipient: address(this),
deadline: block.timestamp,
amountIn: amountIn_,
amountOutMinimum: amountOutMinimum_,
sqrtPriceLimitX96: params_.sqrtPriceLimitX96
});
uint256 amountOut_ = ISwapRouter(router).exactInputSingle(swapParams_);
emit TokensSwapped(params_.tokenIn, params_.tokenOut, amountIn_, amountOut_, amountOutMinimum_);
return amountOut_;
}

Impact

This issue will make any ERC20 tokens sent to be contract to be permanently frozen in the contract, hence the high-severity of this finding

Tools Used

Manual Review

Recommendations

Approve the contract for the amount of tokens sent.

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.