[H-05] Not minting iPTs for lenders in several lend functions #391
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Comments
code423n4
added
3 (High Risk)
sourabhmarathe
added
the
sponsor confirmed
This was referenced Jun 29, 2022
This was referenced Jul 7, 2022
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Lines of code
https://github.com/code-423n4/2022-06-illuminate/blob/912be2a90ded4a557f121fe565d12ec48d0c4684/lender/Lender.sol#L247-L305
https://github.com/code-423n4/2022-06-illuminate/blob/912be2a90ded4a557f121fe565d12ec48d0c4684/lender/Lender.sol#L317-L367
https://github.com/code-423n4/2022-06-illuminate/blob/912be2a90ded4a557f121fe565d12ec48d0c4684/lender/Lender.sol#L192-L235
Vulnerability details
Impact
Using any of the
lendfunction mentioned, will result in loss of funds to the lender - as the funds are transferred from them but no iPTs are sent back to them!Basically making lending via these external PTs unusable.
Proof of Concept
There is no minting of iPTs to the lender (or at all) in the 2
lendfunctions below:https://github.com/code-423n4/2022-06-illuminate/blob/912be2a90ded4a557f121fe565d12ec48d0c4684/lender/Lender.sol#L247-L305
https://github.com/code-423n4/2022-06-illuminate/blob/912be2a90ded4a557f121fe565d12ec48d0c4684/lender/Lender.sol#L317-L367
Corresponding to lending of (respectively):
swivel
element
Furthermore, in:
https://github.com/code-423n4/2022-06-illuminate/blob/912be2a90ded4a557f121fe565d12ec48d0c4684/lender/Lender.sol#L227-L234
Comment says "Purchase illuminate PTs directly to msg.sender", but this is not happening. sending yield PTs at best.
Recommended Mitigation Steps
Mint the appropriate amount of iPTs to the lender - like in the rest of the lend functions.
The text was updated successfully, but these errors were encountered: