POB - POB - Lost funds in the AmirX::_buyBack function when DefiSwap.defiSafe is set to address(0)
#211
Comments
sherlock-admin3
changed the title
AmirX::_buyBack function when DefiSwap.defiSafe is set to address(0)AmirX::_buyBack function when DefiSwap.defiSafe is set to address(0)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
POB
Medium
POB - Lost funds in the
AmirX::_buyBackfunction whenDefiSwap.defiSafeis set toaddress(0)Summary
BuyBack can result in lost funds if
DefiSwap.defiSafeis not set. There is no check in theAmirX::_verifyDefiSwapfunction to ensure thatDefiSwap.defiSafeis not the zero address. In the BuyBack function, iffeeTokenisPOLand there is still POL remaining in the contract after the swap (address(this).balance > 0), the remaining POL will be sent to the zero address.Root Cause
In AmirX::_verifyDefiSwap function there is no check to ensure that
DefiSwap.defiSafeis not the zero address.Internal pre-conditions
DefiSwap.defiSafeshould be set to the zero address.address(feeToken) == POL.(bool polSwap,) = aggregator.call{value: msg.value}(swapData);, there should be remaining POL (address(this).balance > 0)Impact
The bug in the BuyBack function causes any remaining POL after the swap to be sent to the zero address, resulting in lost funds.
Mitigation
Add a condition in the
AmirX::_verifyDefiSwapfunction to check if a non-zeroDefiSwap.defiSafeaddress is provided.The text was updated successfully, but these errors were encountered: