Skip to content

Latest commit

 

History

History
64 lines (40 loc) · 2.54 KB

035.md

File metadata and controls

64 lines (40 loc) · 2.54 KB
Raw

Late Hotpink Dinosaur

Medium

Inconsistent Balance Change Validation Between swap() and defiToStablecoinSwap() Functions Leads to Bookkeeping Discrepancies and Potential Losses

Summary

Inconsistent balance change validation between swap() and defiToStablecoinSwap() will cause a discrepancy in recorded origin amounts for protocol bookkeeping when partial or failed DeFi swaps occur, as the defiToStablecoinSwap() function unconditionally updates oAmount while swap() only updates on non-zero changes. This can lead to completion of partial operations with incorrect amounts.

Root Cause

In telcoin-audit/contracts/swap/AmirX.sol at https://github.com/sherlock-audit/2024-11-telcoin/blob/main/telcoin-audit/contracts/swap/AmirX.sol#L93, the check for non-zero balance change is present in swap() but missing in defiToStablecoinSwap():

// In swap():
if (fBalance - iBalance != 0) ss.oAmount = fBalance - iBalance; //Additional check

// In defiToStablecoinSwap():
ss.oAmount = fBalance - iBalance; // Missing check

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

  1. User initiates a defiToStablecoinSwap with a target amount of 100
  2. DeFi swap executes with partial fill, resulting in zero balance change
  3. defiToStablecoinSwap records the swap as 0 origin stablecoin → 100 target stablecoin
  4. If the same scenario occurs in swap(), it would not update oAmount due to the balance change check

Impact

While wallet and hence defiswap is out of scope, the protocol is likely to face few issues:

  1. Inconsistent Bookkeeping:
  • swap(): Will maintain original oAmount if balance change is zero
  • defiToStablecoinSwap(): Will record the actual oAmount which is zero
  1. Failed Mints and Zero Amount Operations:
  • In cases where the DeFi swap completely fails (returning 0 balance change), defiToStablecoinSwap() will proceed with oAmount = 0
  • This will cause the subsequent stablecoin operations to either:
    • Fail silently if trying to mint with 0 amount
    • Create misleading transaction records with 0 amount mints
    • Waste gas on unnecessary transactions
  • The swap() function prevents this by checking for non-zero balance changes
  1. Potential Financial Losses:
  • Protocol may be reconciling transactions using these amounts for partial operations. The reconciliation will fail for swap and protocol may fail to take actions like completing the remaining defi swap in timely manner resulting in potential losses.

PoC

No response

Mitigation

No response