hansfriese
medium
Minimum purchase amount check in yield
function is not correct.
In the yield
function, the protocol checks the minimum amount condition (Lender.sol#L952) and it is reverting when the purchased amount is equal to the minimum amount specified. I believe the writer intended to use the strict inequality.
function yield(
address u,
address y,
uint256 a,
address r,
address p,
uint256 m
) internal returns (uint256) {
// Get the starting balance (to verify receipt of tokens)
uint256 starting = IERC20(p).balanceOf(r);
// Get the amount of tokens received for swapping underlying
uint128 returned = IYield(y).sellBasePreview(Cast.u128(a));
// Send the remaining amount to the Yield pool
Safe.transfer(IERC20(u), y, a);
// Lend out the remaining tokens in the Yield pool
IYield(y).sellBase(r, returned);
// Get the ending balance of principal tokens (must be at least starting + returned)
uint256 received = IERC20(p).balanceOf(r) - starting;
// Verify receipt of PTs from Yield Space Pool
if (received <= m) { //@audit should be <
revert Exception(11, received, m, address(0), address(0));
}
return received;
}
Valid lending can be reverted.
https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/Lender.sol#L952
Manual Review
Revert only if the purchased amount is strictly below the minimum amount to purchase.