Tadle

DeFi
30,000 USDC
Submission Details
Severity: medium
Valid

Users can't call `createOffer()`, `createTaker()`, `listOffer()`, `relistOffer()` functions with the wrapped native token like `WETH`

Github link

https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/TokenManager.sol#L79-90

Summary

The `TokenManager.tillIn()` function transfers tokens from `_accountAddress` to the CapitalPool contract. However, for wrapped native tokens such as WETH, this function reverts. As a result, users can't call the `createOffer()`, `createTaker()`, `listOffer()` and `relistOffer()` functions with a wrapped native token. This breaks core functionality of the protocol.

Vulnerability Details

Users who call the `createOffer()`, `createTaker()`, `listOffer()` or `relistOffer()` functions with a wrapped native token such as WETH must transfer tokens to CapitalPool.
The `TokenManager.tillIn()` function is used to transfer tokens from `_accountAddress` to the CapitalPool contract.
However, due to an incorrect conditional check at L86, the call reverts.
https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/TokenManager.sol#L86

```solidity
// TokenManager.sol, L86
if (msg.value < _amount) {
    revert Errors.NotEnoughMsgValue(msg.value, _amount);
}
```

Example Scenario

Alice wants to create an offer with 10 WETH.
She approves 10 WETH to the CapitalPool contract and calls the `createOffer()` function.
However, because `msg.value = 0` and `_amount = 10e18`, the call reverts.

Impact

Users can't call the `createOffer()`, `createTaker()`, `listOffer()` and `relistOffer()` functions with a wrapped native token such as WETH. This breaks core functionality of the protocol.

Tools Used

Manual Review

Recommendations

It is recommended to implement logic in `tillIn()` that handles wrapped native tokens such as WETH.
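A reduced model of the two deposit paths, added here as an example and not Tadle's code: `tillInBuggy` reproduces the L86 shape the report describes, and `tillInFixed` applies the judge's suggestion of a zero address for native ETH. The `wrappedNativeToken` and `capitalPool` fields, the `IWETH` interface and the steps after the `msg.value` check are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

interface IWETH is IERC20 {
    function deposit() external payable;
}

/// Reduced model of the tillIn() deposit path. Added example, not Tadle's
/// code: the storage fields and the steps after the msg.value check are assumed.
contract TillInExample {
    error NotEnoughMsgValue(uint256 sent, uint256 required);
    address public immutable wrappedNativeToken; // assumed: WETH address
    address public immutable capitalPool;        // assumed: CapitalPool address

    constructor(address weth, address pool) {
        wrappedNativeToken = weth;
        capitalPool = pool;
    }

    /// Buggy shape (report, L86): WETH is routed down the native-ETH branch,
    /// so Alice, who approved 10 WETH and sent msg.value == 0, reverts with
    /// NotEnoughMsgValue(0, 10e18) although her approval would have sufficed.
    function tillInBuggy(address account, address token, uint256 amount) external payable {
        if (token == wrappedNativeToken) {
            if (msg.value < amount) revert NotEnoughMsgValue(msg.value, amount);
            IWETH(wrappedNativeToken).deposit{value: amount}();
            IWETH(wrappedNativeToken).transfer(capitalPool, amount);
            return;
        }
        IERC20(token).transferFrom(account, capitalPool, amount);
    }

    /// Fixed shape (judge's suggestion): address(0) denotes native ETH and is
    /// the only branch that reads msg.value; WETH is handled like any ERC20.
    function tillInFixed(address account, address token, uint256 amount) external payable {
        if (token == address(0)) {
            if (msg.value < amount) revert NotEnoughMsgValue(msg.value, amount);
            IWETH(wrappedNativeToken).deposit{value: amount}();
            IWETH(wrappedNativeToken).transfer(capitalPool, amount);
            return;
        }
        // WETH and every other standard ERC20: pull from the approved balance
        IERC20(token).transferFrom(account, capitalPool, amount);
    }
}
```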

Updates

Lead Judging Commences

0xnevi Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-TokenManager-tillin-wrapper-inconsistent

Valid medium severity, given it is noted in the contest README that any standard ERC20 tokens should be supported. Although it could arguably be low severity, given users can simply unwrap WETH to native ETH and perform the deposits via `tillIn()`, I will leave it open for discussion, but taking the README as the source of truth, I believe medium severity is appropriate, given it is explicitly noted that this token should be compatible. The fix would be to utilize a zero address or equivalent to represent native ETH when wrapping to WETH.

> Tokens:
> - ETH
> - WETH
> - ERC20 (any token that follows the ERC20 standard)
