Skip to content
This repository has been archived by the owner on May 26, 2023. It is now read-only.

pashov - Missing token approvals can result in DoS in Marketplace.sol #171

Closed
sherlock-admin opened this issue Nov 10, 2022 · 0 comments
Closed

pashov - Missing token approvals can result in DoS in Marketplace.sol #171

sherlock-admin opened this issue Nov 10, 2022 · 0 comments
Labels
Duplicate Medium

Comments

@sherlock-admin
Copy link
Contributor

sherlock-admin commented Nov 10, 2022
edited
Loading

pashov

medium

Missing token approvals can result in DoS in Marketplace.sol

Summary

The setPrincipal method approves Notional but not the other protocols

Vulnerability Detail

The setPrincipal() method in Marketplace.sol calls the Lender.sol approve method for Notional, but it doesn't do the same for APWine or Element even though the approve method explicitly shows they need approvals too. This can result in a DoS if functionality is used where APWine or Element functionality that uses safeTransferFrom because it won't have the necessary approvals.

Impact

The impact will be DoS on functionality using APWine and Element in Marketplace.sol

Code Snippet

https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/Marketplace.sol#L209

Tool used

Manual Review

Recommendation

Make the setPrincipal() method call ILender(lender).approve() for APWine & Element as well

Duplicate of #40
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Duplicate Medium
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin