Amusing Heather Cottonmouth
Medium
The _buyBack() function is used to buy TELCOIN by using POL, however the aggregator could return unexpected amount, so there is not enough token to transfer to referer https://github.com/sherlock-audit/2024-11-telcoin/blob/main/telcoin-audit/contracts/swap/AmirX.sol#L232
In AmirX:232, the aggregator could return an amount of token that not enough to pay to referrer. So the execution below could be failed: https://github.com/sherlock-audit/2024-11-telcoin/blob/main/telcoin-audit/contracts/swap/AmirX.sol#L195
Look at the part for distribute reward, it could failed for insufficient amount of token from _buyBack()
function _feeDispersal(DefiSwap memory defi) internal {
// must buy into TEL
if (defi.feeToken != TELCOIN)
_buyBack(
defi.feeToken,
defi.aggregator,
defi.defiSafe,
defi.swapData
);
// distribute reward
if (defi.referrer != address(0) && defi.referralFee != 0) {
TELCOIN.forceApprove(address(defi.plugin), 0);
TELCOIN.safeIncreaseAllowance(
address(defi.plugin),
defi.referralFee
);
require(
defi.plugin.increaseClaimableBy(
defi.referrer,
defi.referralFee
),
"AmirX: balance was not adjusted"
);
}
// retain remainder
if (TELCOIN.balanceOf(address(this)) > 0)
TELCOIN.safeTransfer(
defi.defiSafe,
TELCOIN.balanceOf(address(this))
);
}No response
No response
No response
The external condition could make the transaction failed without control
No response
No response