Submission Details
Severity:
send calls _debit with 4 parameters instead of 3
Summary
The removeAuctionConfig function cannot remove an auction if startCooldown == 0.
Vulnerability Details
The TempleGold::send function executes OFT's _debit function.
(uint256 amountSentLD, uint256 amountReceivedLD) = _debit(
msg.sender,
_sendParam.amountLD,
_sendParam.minAmountLD,
_sendParam.dstEid
);
However, the real _debit OFT implementation has 3 input parameters, not 4.
function _debit(
uint256 _amountLD,
uint256 _minAmountLD,
uint32 _dstEid
) internal virtual override returns (uint256 amountSentLD, uint256 amountReceivedLD) {
In the current code, _debit has not been overwritten, meaning it is still using the OFT base method. This will cause send to revert as it's trying to input 4 parameters into _debit, while it only accepts 3.
Impact
send will revert every time it's called.
Tools Used
Manual review
Recommendations
Remove the address parameter.
(uint256 amountSentLD, uint256 amountReceivedLD) = _debit(
- msg.sender,
_sendParam.amountLD,
_sendParam.minAmountLD,
_sendParam.dstEid
);
Updates
Lead Judging Commences
inallhonesty over 1 year ago
Submission Judgement Published Reason: Incorrect statement
Assigned finding tags:
send calls _debit with 4 parameters instead of 3
Prize pool breakdown
Total prize
25,000 USDC
nSLOC
99825 USDC / LOC
20,000 USDC
2,500 USDC
2,500 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.