This repository has been archived by the owner on May 26, 2023. It is now read-only.
There can only ever be one market with USDT as the underlying
Summary
There can only ever be one market with USDT as the underlying
Vulnerability Detail
USDT, and other tokens that have approval race protections will revert when approve() is called if the current approval isn't currently zero. The MarketPlace contract always approves the underlying during market creation, and on the second market created, the creation will revert.
Impact
Smart contract unable to operate due to lack of token funds
No USDT markets except for the first one will be able to be created. An admin can work around this by passing 0x0 as every entry in the principal array, and later calling setPrincipal(), but this is error-prone, especially since once set, principals are immutable.
```solidity
// File: src/MarketPlace.sol : MarketPlace.createMarket()   #1

178        // Set the market
179        markets[u][m] = market;
180
181        // Have the lender contract approve the several contracts
182: @>    ILender(lender).approve(u, e, a, t[7]);
```
IllIllI
medium
Code Snippet
Marketplace.createMarket() unconditionally calls Lender.approve():
https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/Marketplace.sol#L178-L182
approve() is called on the underlying if the e, a, or t[7] arguments are non-null:
https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/Lender.sol#L194-L214
If CTokens ever are upgraded to have the protection, a similar approval issue will occur for the PTs themselves.
Tool used
Manual Review
Recommendation
Modify Safe.approve() to always call approve(0) before doing the real approval
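The revert described in this report and the reset-to-zero approach from the Recommendation, as an added example that is not part of the original report or the Illuminate code base. GuardedToken is a constructed mock of a token with USDT-style approval race protection; LenderSketch, Demo and the spender address are hypothetical, and the pragma version is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumed compiler range for this sketch

// Constructed mock: approve() reverts when a non-zero allowance is changed
// to another non-zero value, and returns nothing (as USDT's approve does).
contract GuardedToken {
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address spender, uint256 value) external {
        require(value == 0 || allowance[msg.sender][spender] == 0, "reset to 0 first");
        allowance[msg.sender][spender] = value;
    }
}

// Hypothetical stand-in for a contract that approves the same spender
// on the same underlying once per market creation.
contract LenderSketch {
    // Before: the second call for the same (token, spender) reverts.
    function approveDirect(GuardedToken token, address spender) external {
        token.approve(spender, type(uint256).max);
    }

    // After: zero the allowance first, then set the real value.
    function approveWithReset(GuardedToken token, address spender) external {
        token.approve(spender, 0);
        token.approve(spender, type(uint256).max);
    }
}

// Constructed check that simulates two market creations sharing one underlying.
contract Demo {
    function run() external returns (bool directSecondReverted, bool resetRepeatable) {
        GuardedToken token = new GuardedToken();
        LenderSketch lender = new LenderSketch();
        address spender = address(0xBEEF); // constructed placeholder spender

        lender.approveDirect(token, spender); // first market: allowance was zero
        try lender.approveDirect(token, spender) {
            directSecondReverted = false;
        } catch {
            directSecondReverted = true; // second market: guard rejects the call
        }

        lender.approveWithReset(token, spender); // succeeds despite existing allowance
        lender.approveWithReset(token, spender); // and can be repeated per market
        resetRepeatable = token.allowance(address(lender), spender) == type(uint256).max;
    }
}
```

Calling Demo.run() returns (true, true): the direct path fails on its second use, while the reset path can be repeated for each new market.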