Skip to content

Latest commit

 

History

History
74 lines (58 loc) · 3.74 KB

090.md

File metadata and controls

74 lines (58 loc) · 3.74 KB
Raw

Raspy Syrup Otter

Medium

Unrestricted Swap Execution Due to Missing walletData Validation

Summary

In the swap function, the system does not validate the walletData parameter before performing swaps in case of directional is true and only defi swap ( ss.destination == address(0) ). This lack of validation allows for an empty walletData parameter to bypass certain checks, resulting in the ability to initiate potentially unintended or unauthorized transactions.

Vulnerability Detail

The swap function is intended to execute either a DeFi swap, a stablecoin swap, or both, depending on the inputs provided. However, there is no validation to ensure that walletData is populated in case of directional is true and only defi swap ( ss.destination == address(0) ). This missing check allows the function to execute even if walletData is empty, which means that:

  1. _defiSwap may be called with an empty walletData, leading to unexpected behavior in downstream functions.
  2. The contract might perform no-op calls that bypass certain checks or fees, depending on the function logic.

This issue arises because _defiSwap is called without verifying the content of walletData, enabling a swap execution flow that does not adhere to the intended logic and potentially exposing the contract to further risks.

    function swap(
        address wallet,
        bool directional,
        StablecoinSwap memory ss,
        DefiSwap memory defi
    ) external payable onlyRole(SWAPPER_ROLE) whenNotPaused {
        // checks if it will fail
        if (ss.destination != address(0)) _verifyStablecoinSwap(wallet, ss);
        if (defi.walletData.length != 0) _verifyDefiSwap(wallet, defi);

        if (directional) {
            // if only defi swap
            if (ss.destination == address(0)) _defiSwap(wallet, defi); //-----> @audit missing checks for defi.walletData.length
            else {
                // if defi then stablecoin swap
                //check balance to adjust second swap
                uint256 iBalance = ERC20(ss.origin).balanceOf(wallet);
                if (defi.walletData.length != 0) _defiSwap(wallet, defi);
                uint256 fBalance = ERC20(ss.origin).balanceOf(wallet);
                //change balance to reflect change
                if (fBalance - iBalance != 0) ss.oAmount = fBalance - iBalance;
                _stablecoinSwap(wallet, ss);
            }
        } else {
            // if stablecoin swap
            _stablecoinSwap(wallet, ss);
            // if only stablecoin swap
            if (defi.walletData.length != 0) _defiSwap(wallet, defi);
        }
    }

Impact

Medium — Missing validation allows for unintended transaction execution, potentially bypassing critical checks.

Code Snippet

Location: AmirX.sol, swap function

Tools Used

Manual Review

Recommendation

Since _defiSwap is used in other functions too modify _defiSwap function to enforce validation of walletData

function _defiSwap(address wallet, DefiSwap memory defi) internal {
+    require(defi.walletData.length > 0, "AmirX: walletData is empty");  // Ensure walletData is populated

    // user's interaction
    (bool walletResult, ) = wallet.call{value: 0}(defi.walletData);
    require(walletResult, "AmirX: wallet transaction failed");

    _feeDispersal(defi);
}