Assessment reportsPublic findings
Back to Zellic site
Assessment reports>WOOFi Swap>Discussion>Function `skimMulTokens` does not work
GeneralOverview
Findings
High (2)
Medium (3)
Low (2)
Informational (2)
DiscussionFunction `skimMulTokens` does not workThrowing Panic is not recommendedThe WooPPV2 contract doesn't need to be an admin
Threat ModelWhat are threat models?WooCrossChainRouterV4.solWooPPV2.solWooRouterV2.sol
Audit ResultsSummary

Function skimMulTokens does not work

In WooPPV2, the onlyAdmin function skim transfers to the owner any balance above the reserve of the token, which includes fees and tokens erroneously sent to the contract:

function skim(address token) public nonReentrant onlyAdmin {
    TransferHelper.safeTransfer(token, owner(), balance(token) - tokenInfos[token].reserve);
}

It also has a function skimMulTokens that calls this for multiple tokens:

function skimMulTokens(address[] memory tokens) external nonReentrant onlyAdmin {
    unchecked {
        uint256 len = tokens.length;
        for (uint256 i = 0; i < len; i++) {
            skim(tokens[i]);
        }
    }
}

However, the nonReentrant modifier is on both of these functions, which means that skimMulTokens will always revert due to the reentrancy guard.

This issue has been acknowledged by WOOFI, and a fix was implemented in commit c19894f9.

Zellic © 2024Back to top ↑