Tadle
Tadle
DeFiFoundry
27,750 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Lock user funds if the tokenManager contract is updated

bengalcatbalu

Summary

When TokenManager::Withdraw is called, if the output token == wrappedNativeToken the call is passed to TokenManager::_transfer, which in turn, in the absence of the required allowance from CapitalPool calls CapitalPool::approve.

However, consider CapitalPool::approve.

function approve(address tokenAddr) external {
address tokenManager = tadleFactory.relatedContracts(
RelatedContractLibraries.TOKEN_MANAGER
);
(bool success, ) = tokenAddr.call(
abi.encodeWithSelector(
APPROVE_SELECTOR,
tokenManager,
type(uint256).max
)
);
if (!success) {
revert ApproveFailed();
}
}

Note that it always goes to the last address of the tokenManager, which is obtained from the call address tokenManager = tadleFactory.relatedContracts( RelatedContractLibraries.TOKEN_MANAGER );

Therefore, if suddenly the address of the tokenManager contract changes (a new contract is created), users whose funds were stored at the address of the old one will not be able to withdraw, as the allowance for the old token manager will remain 0.

Impact

Severity: medium

Tools Used

Manual Review

Recommendations

Add the ability to get allowance to old tokenManager contract addresses

Updates

Lead Judging Commences

0xnevi Lead Judge
about 1 year ago
0xnevi Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.