Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Brave Plum Shetland - Lack of Explicit Check for LST Token Approval #242

Open
sherlock-admin3 opened this issue Dec 31, 2024 · 0 comments
Open

Brave Plum Shetland - Lack of Explicit Check for LST Token Approval #242

sherlock-admin3 opened this issue Dec 31, 2024 · 0 comments

Comments

@sherlock-admin3
Copy link
Contributor

Brave Plum Shetland

Medium

Lack of Explicit Check for LST Token Approval

Summary

https://github.com/sherlock-audit/2024-12-numa-audit/blob/main/Numa/contracts/NumaProtocol/NumaVault.sol#L1144-L1149
The liquidateLstBorrower function assumes that the lstAmount has been approved for transfer to the contract. If approval is not given, the function will fail.

Vulnerability Details

Vulnerability Type: Missing allowance check

Severity: Medium

Likelihood: Moderate

Impact: If the LST token is not approved for transfer to the contract, the SafeERC20.safeTransferFrom will fail, potentially preventing the liquidation process from proceeding.

Cause: The code does not explicitly verify if the contract has sufficient allowance to transfer lstAmount before calling SafeERC20.safeTransferFrom.

Proof of Concept (PoC)

// SPDX-License-Identifier: MIT
pragma solidity 0.8.20;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Mock contract to simulate the `liquidateLstBorrower` function with the missing allowance check
contract LstLiquidation {

    using SafeERC20 for IERC20;

    address public lstToken;

    constructor(address _lstToken) {
        lstToken = _lstToken;
    }

    /**
     * @notice Simulate liquidateLstBorrower function
     * @param _borrower Borrower address
     * @param _lstAmount Amount of LST tokens to be liquidated
     */
    function liquidateLstBorrower(address _borrower, uint256 _lstAmount) external {
        // Missing allowance check (the vulnerability)
        SafeERC20.safeTransferFrom(
            IERC20(lstToken),
            msg.sender,
            address(this),
            _lstAmount
        );

        // Proceed with liquidation logic (mocked)
        // This part would perform liquidation logic (mocked for PoC purposes)
    }
}

A user attempts to call liquidateLstBorrower with lstAmount but has not previously approved the contract to transfer lstAmount of LST tokens.
The transaction fails at the SafeERC20.safeTransferFrom line due to insufficient allowance, halting the liquidation.

Recommendations

Add an explicit check for sufficient allowance before calling SafeERC20.safeTransferFrom.
Example:

require(IERC20(address(lstToken)).allowance(msg.sender, address(this)) >= lstAmount, "Insufficient allowance");
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin3