Amusing Heather Cottonmouth
Medium
AmirX.swap() could make system's owner lost token because of inconsistency calculation in the line https://github.com/sherlock-audit/2024-11-telcoin/blob/main/telcoin-audit/contracts/swap/AmirX.sol#L93
In AmirX.sol:93 , ss.oAmount is assgined with unpredictable value because fBalance depends on _defiSwap() and _defiSwap() depends on external contract. Telcoin does not control the logic of external contract and this logic can be upgraded anytime by external party. While ss.tAmount is fixed before the transaction's execution
function swap(
address wallet,
bool directional,
StablecoinSwap memory ss,
DefiSwap memory defi
) external payable onlyRole(SWAPPER_ROLE) whenNotPaused {
// checks if it will fail
if (ss.destination != address(0)) _verifyStablecoinSwap(wallet, ss);
if (defi.walletData.length != 0) _verifyDefiSwap(wallet, defi);
if (directional) {
// if only defi swap
if (ss.destination == address(0)) _defiSwap(wallet, defi);
else {
// if defi then stablecoin swap
//check balance to adjust second swap
uint256 iBalance = ERC20(ss.origin).balanceOf(wallet);
if (defi.walletData.length != 0) _defiSwap(wallet, defi);
uint256 fBalance = ERC20(ss.origin).balanceOf(wallet);
//change balance to reflect change
if (fBalance - iBalance != 0) ss.oAmount = fBalance - iBalance;
_stablecoinSwap(wallet, ss);
}
} else {
// if stablecoin swap
_stablecoinSwap(wallet, ss);
// if only stablecoin swap
if (defi.walletData.length != 0) _defiSwap(wallet, defi);
}
}- [ ]
No response
_defiSwap() depend on external exchange contract. If the external contract is upgraded or there are many other trade make _defiSwap does not return expected value, Telcoin could lost token
No response
Telcoin lost token with some external conditions
No response
Need to make sure ss.oAmount is in expected range