Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Resonate>Informational findings>Failed approval check in ,calculateAndClaimInterest
GeneralOverview
Findings
Critical (2)
Medium (1)
Low (2)
Informational (2)Failed approval checkMissing correct event information
DiscussionOracle attacksReentrancyCode maturityComposablity
Audit ResultsAudit Results
Category: Coding Mistakes

Failed approval check in calculateAndClaimInterest

Informational Severity
Informational Impact
N/A Likelihood

Description

The allowance check for token transfer approval always fails in calculateAndClaimInterest(...):

) public override onlyMaster returns (uint interest, uint sharesRedeemed) {
    IERC4626 vault = IERC4626(vaultAdapter);
    if(IERC20(vaultToken).allowance(address(this), vaultAdapter) < interest) {
        IERC20(vaultToken).approve(vaultAdapter, type(uint).max);
    }

The if statement will always fail because interest has not been initialized from zero.

Impact

Minimal - other functions in ResonateSmartWallet will be called that also set the token transfer approval to max. In the worst case scenario, the very first producer order will be delayed in claiming interest until the first consumer order reclaims their principal.

Recommendations

Change interest to totalShares in the if control statement.

Remediation

This finding was remediated by Revest in commit 6b1b81f6c0310297f5b6cd9a258b99e43c61b092.

Zellic © 2024Back to top ↑