Part 2

Zaros
Perpetuals DEX Foundry Solidity
70,000 USDC
Submission Details
Severity: medium
Invalid

`fulfillSwap` will not work due to not enough approved assets

Summary

During `fulfillSwap`, assets from the vault are swapped for USD based on factors such as the debt-to-credit ratio and the current price of the asset. The problem is that only keepers can execute `fulfillSwap`, while only the owner can approve assets for use by the swap, via `updateVaultAssetAllowance`.

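```solidity
// Restricted to the owner by the onlyOwner modifier.
function updateVaultAssetAllowance(uint128 vaultId, uint256 allowance) external onlyOwner {
    Vault.Data storage vault = Vault.load(vaultId);
    // Forward the new allowance to the vault's index token (ZlpVault).
    ZlpVault(vault.indexToken).updateAssetAllowance(allowance);
    emit LogUpdateVaultAssetAllowance(vaultId, allowance);
}
```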

Vulnerability Details

The current implementation creates a potential operational bottleneck and risk of transaction failure:

  1. The owner has approved 10 assets for use in Vault A.

  2. A keeper attempts to execute fulfillSwap for 100 assets, but the vault does not have sufficient approved assets.

  3. The owner must manually intervene to approve additional assets before the swap can proceed.

This separation of responsibilities (owner for approvals and keeper for execution) can lead to delays or failed transactions if the owner does not promptly update the allowance when required.

Impact

  • Operational Delays: If the owner does not approve sufficient assets in time, the fulfillSwap transaction will fail, leading to delays in executing swaps.

  • Financial Loss: Failed swaps could result in missed opportunities or unfavorable market conditions, potentially causing financial losses.

  • Inefficiency: The need for manual intervention by the owner reduces the efficiency and automation of the system.

Tools Used

Manual review

Recommendations

Implement a mechanism to automatically adjust the allowance based on the requirements of pending swaps.
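
The owner/keeper split from Vulnerability Details, as an added Python model that is not part of the submission or the Zaros code base; it goes beyond the single swap in the text by checking a queue of pending swaps against the allowance. It assumes ERC-20-style allowance semantics (each fulfilled swap spends from the approved amount, and a larger request reverts); `VaultModel`, `preflight`, `page_scenario` and the request ids are hypothetical.

```python
from dataclasses import dataclass

class InsufficientAllowance(Exception):
    """Stands in for the revert a keeper's fulfillSwap transaction would hit."""

@dataclass
class VaultModel:
    # Assumption: ERC-20-style allowance; each fulfilled swap spends from it.
    allowance: int = 0

    def update_asset_allowance(self, caller: str, allowance: int) -> None:
        if caller != "owner":  # mirrors onlyOwner on updateVaultAssetAllowance
            raise PermissionError("only the owner can update the allowance")
        self.allowance = allowance

    def fulfill_swap(self, caller: str, amount: int) -> None:
        if caller != "keeper":
            raise PermissionError("only keepers can fulfill swaps")
        if amount > self.allowance:
            raise InsufficientAllowance(f"need {amount}, approved {self.allowance}")
        self.allowance -= amount

def preflight(allowance: int, pending: list[tuple[int, int]]) -> dict:
    """Keeper-side check before submitting; pending is [(request_id, amount)]."""
    remaining, fulfillable, blocked = allowance, [], []
    for request_id, amount in pending:
        if amount <= remaining:
            remaining -= amount
            fulfillable.append(request_id)
        else:
            blocked.append(request_id)  # would revert; alert the owner instead
    # Extra allowance the owner must approve for every pending swap to succeed.
    shortfall = max(0, sum(amount for _, amount in pending) - allowance)
    return {"fulfillable": fulfillable, "blocked": blocked, "shortfall": shortfall}

def page_scenario() -> list[str]:
    """Steps 1-3 from the submission: approve 10, try 100, owner tops up."""
    vault, log = VaultModel(), []
    vault.update_asset_allowance("owner", 10)
    try:
        vault.fulfill_swap("keeper", 100)
        log.append("fulfilled")
    except InsufficientAllowance:
        log.append("reverted")
    vault.update_asset_allowance("owner", 100)  # manual owner intervention
    vault.fulfill_swap("keeper", 100)
    log.append("fulfilled")
    return log
```

Run against a constructed queue such as `preflight(10, [(1, 100), (2, 5)])`, the check reports request 1 as blocked and a shortfall of 95, which is the figure an operator would need before the keeper submits.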

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
