PNS - MorphoLeverageModule._executeTrade may not work with some tokens such as USDT
#46
Comments
sherlock-admin2
changed the title
MorphoLeverageModule._executeTrade may not work with some tokens such as USDTMorphoLeverageModule._executeTrade may not work with some tokens such as USDT
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
PNS
Medium
MorphoLeverageModule._executeTrademay not work with some tokens such as USDTSummary
The USDT token requires first resetting to 0 when changing the allowance, which is not done with
_executeTrade.Root Cause
When changing the allowance for the next trade, the allowance should first be set to 0 for USDT.
Internal pre-conditions
No response
External pre-conditions
After the previous exchange using
exchange Adapterthe allowance was not fully used, which is why its value is different from 0.Attack Path
The
lever/deleverfunction can be called with various adapters to perform a token exchange, depending on the implementation, they may not fully utilize the granted allowance for the token being exchanged. This will result in tokens such as USDT not being able to perform another trade, because changing from a non-zero allowance to another one is not possible.MorphoLeverageModule._executeTrade
Impact
Attempting to call the
lever/deleverfunction and similar ones using the internal function_executeTradewill cause the transaction to revert. This will make the position unable to be balanced, which may lead to liquidation and financial loss.Additionally, the main functions of the module will not work correctly.
PoC
No response
Mitigation
As in modules already implemented, e.g.
AaveV3LeverageModule, you should first change the allowance to 0 and only then set a new non-zero value.AaveV3LeverageModule.sol
The text was updated successfully, but these errors were encountered: