Micro Carrot Woodpecker
High
The functions related to buyback and defiswap mechanisms in the protocol are missing the payable modifier, which prevents them from accepting Ether (or MATIC on Polygon). This omission results in failed transactions when users attempt to interact with these functions by sending funds, as these functions are expected to handle Ether or MATIC for token buybacks or swaps. https://github.com/sherlock-audit/2024-11-telcoin/blob/b9c751b59e78a7123a636e31ecafc9147046f190/telcoin-audit/contracts/swap/AmirX.sol#L224C3-L253C6
-
_buyBack: The function is missing the payable modifier, which prevents it from accepting ETH for buybacks, particularly when using POL through an aggregator.
-
_defiSwap: Similarly, this function lacks the payable modifier, blocking it from processing ETH during wallet interactions that may involve sending ETH with defi.walletData.
No response
No response
- A payable function calls _buyBack, expecting POL to be transferred for buyback operations, but it fails because the function cannot accept msg.value
- _defiSwap is called with defi.walletData that requires POL. The call fails because _defiSwap cannot accept msg.value.
This causes the function to revert and prevents it from accepting msg.value, as msg.value cannot be accessed in a non-payable function.
No response
Add the payable modifier to both _buyBack and _defiSwap