Skip to content

Latest commit

 

History

History
51 lines (38 loc) · 1.42 KB

087.md

File metadata and controls

51 lines (38 loc) · 1.42 KB
Raw

Acidic Raspberry Rook

Medium

DaoCollateral swap function does not check if the rwa token is a valid collateral

Description

In Dao collateral, the code swap is:

https://github.com/sherlock-audit/2024-10-usual-labs-v1/blob/4fb4a64a479e0b9b8f93934220e891c29d54df33/pegasus/packages/solidity/src/daoCollateral/DaoCollateral.sol#L693

 function swap(address rwaToken, uint256 amount, uint256 minAmountOut)
        public
        nonReentrant
        whenSwapNotPaused
        whenNotPaused
    {
        uint256 wadQuoteInUSD = _swapCheckAndGetUSDQuote(rwaToken, amount);
        // Check if the amount is greater than the minAmountOut
        if (wadQuoteInUSD < minAmountOut) {
            revert AmountTooLow();
        }
        _transferRWATokenAndMintStable(rwaToken, amount, wadQuoteInUSD);
        // Emit the event
        emit Swap(msg.sender, rwaToken, amount, wadQuoteInUSD);
    }

the check below is missing, this means that even a rwa token is disabled user can still mint the token out.

    // check that rwaToken is a RWA token
        if (!_daoCollateralStorageV0().tokenMapping.isUsd0Collateral(rwaToken)) {
            revert InvalidToken();
        }

Recommendation

add the check to swap function as well.

    // check that rwaToken is a RWA token
        if (!_daoCollateralStorageV0().tokenMapping.isUsd0Collateral(rwaToken)) {
            revert InvalidToken();
        }