Tadle
DeFiFoundry
27,750 USDC
Submission Details
Severity: medium
Valid

Unable to support WETH as the collateral token

Summary

The TokenManager::tillIn() function forces users to pass wrappedNativeToken (WETH) as the _tokenAddress when depositing ETH. Because the same address is also the real WETH token, the function cannot tell a native-ETH deposit apart from a WETH deposit: any call with _tokenAddress == WETH is treated as an ETH deposit and attempts to wrap msg.value, so WETH cannot be supplied as collateral on its own.

Vulnerability Details

The market supports both ETH and WETH:

Tokens:
- ETH
- WETH
- ERC20 (any token that follows the ERC20 standard)

The function TokenManager::tillIn() uses the wrappedNativeToken to represent the address of the native token, which is typically WETH on Ethereum. This function requires users to specify _tokenAddress as wrappedNativeToken to deposit the native token (ETH).

ETH as Collateral: When users wish to use ETH as collateral, they must specify WETH as the _tokenAddress to satisfy the condition _tokenAddress == wrappedNativeToken.

WETH as Collateral: When users attempt to use WETH as collateral, they approve the corresponding amount of WETH to the contract and call tillIn() without sending ETH. Since _tokenAddress is WETH, the condition _tokenAddress == wrappedNativeToken is true, the native-token branch is taken, and the transaction reverts with NotEnoughMsgValue because msg.value (0) is less than _amount. The approved WETH is never pulled.

File: TokenManager.sol

```solidity
function tillIn(
// ...
    // Native-token branch: taken for *every* call whose _tokenAddress is WETH,
    // including callers who approved WETH and sent no ETH.
    if (_tokenAddress == wrappedNativeToken) {
        /**
         * @dev token is native token
         * @notice check msg value
         * @dev if msg value is less than _amount, revert
         * @dev wrap native token and transfer to capital pool
         */
        if (msg.value < _amount) {
            revert Errors.NotEnoughMsgValue(msg.value, _amount);
        }
        IWrappedNativeToken(wrappedNativeToken).deposit{value: _amount}();
        _safe_transfer(wrappedNativeToken, capitalPoolAddr, _amount);
    } else {
        /// @notice token is ERC20 token
        _transfer(
            _tokenAddress,
            _accountAddress,
            capitalPoolAddr,
            _amount,
            capitalPoolAddr
        );
    }
```

Impact

WETH cannot be used as a collateral token: every tillIn() call with _tokenAddress == WETH reverts unless the caller also sends _amount of native ETH, even though the contest scope lists WETH as a supported token.

Tools Used

vscode

Recommendations

Use a unique sentinel address to represent the native token, so that the native-ETH branch is selected only by that sentinel and WETH passed as _tokenAddress goes through the ordinary ERC20 path.
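The following is an added illustration of that recommendation, not Tadle's code: the native-token branch keys off a dedicated sentinel (here address(0), an assumption; any address that can never be a real token works), so WETH is pulled via transferFrom like any other ERC20. The interfaces, contract name, error names and the msg.value check in the ERC20 branch are all assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal interfaces assumed for the example; not the project's own.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

interface IWrappedNativeToken {
    function deposit() external payable;
    function transfer(address to, uint256 amount) external returns (bool);
}

contract TokenManagerFixed {
    /// @dev Sentinel meaning "native ETH". It is distinct from the real WETH
    ///      address, so WETH itself is handled as a normal ERC20 below.
    address public constant NATIVE_TOKEN = address(0);

    address public immutable wrappedNativeToken;
    address public immutable capitalPoolAddr;

    error NotEnoughMsgValue(uint256 sent, uint256 required);
    error UnexpectedMsgValue(uint256 sent);
    error TransferFailed();

    constructor(address _weth, address _pool) {
        wrappedNativeToken = _weth;
        capitalPoolAddr = _pool;
    }

    /// @dev Authorization of the caller for _accountAddress is outside this
    ///      excerpt, as it is in the original function.
    function tillIn(address _accountAddress, address _tokenAddress, uint256 _amount) external payable {
        if (_tokenAddress == NATIVE_TOKEN) {
            // Native ETH: require the value, wrap it, forward the WETH to the pool.
            if (msg.value < _amount) revert NotEnoughMsgValue(msg.value, _amount);
            IWrappedNativeToken(wrappedNativeToken).deposit{value: _amount}();
            if (!IWrappedNativeToken(wrappedNativeToken).transfer(capitalPoolAddr, _amount)) revert TransferFailed();
        } else {
            // Every ERC20, WETH included, is pulled with transferFrom. No ETH is
            // expected here, so reject it rather than leave it stuck in the contract.
            if (msg.value != 0) revert UnexpectedMsgValue(msg.value);
            if (!IERC20(_tokenAddress).transferFrom(_accountAddress, capitalPoolAddr, _amount)) revert TransferFailed();
        }
    }
}
```

With this shape, a WETH deposit with msg.value == 0 reaches the ERC20 branch instead of reverting with NotEnoughMsgValue, and a native deposit must explicitly pass the sentinel.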

Updates

Lead Judging Commences

0xnevi Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-TokenManager-tillin-wrapper-inconsistent

Valid medium severity, given it is noted in the contest README that any standard ERC20 tokens should be supported. Although it could arguably be low severity, given users can simply unwrap WETH to native ETH and perform the deposits via `tillIn()`, I will leave it open for discussion, but taking the README as the source of truth, I believe medium severity is appropriate, given it is explicitly noted that this token should be compatible. The fix would be to utilize a zero address or equivalent to represent native ETH when wrapping to WETH.

> Tokens:
> - ETH
> - WETH
> - ERC20 (any token that follows the ERC20 standard)
