Omniscia Mean Finance Audit

TakeAndRunSwap Manual Review Findings

TAR-01M: Inexistent Validation of Ether Value

Description:

The takeAndRunSwap function will properly fail if insufficient native funds have been sent to the contract (either directly or as part of the call) for the else execution path, which attempts to send _parameters.maxAmountIn to the swapper. However, the code will execute without an error if native funds have been sent in the takeAndRunSwap call but the tokenIn is not the PROTOCOL_TOKEN, a case that should be prohibited.

Impact:

In the current implementation, it is possible for native funds to be lost and stolen, either deliberately or accidentally, by other parties: any native funds sent with a takeAndRunSwap call that does not specify the PROTOCOL_TOKEN will remain in the contract until claimed by another transaction that uses native funds.

Example:

solidity/contracts/extensions/TakeAndRunSwap.sol
function takeAndRunSwap(TakeAndRunSwapParams calldata _parameters) public payable virtual onlyAllowlisted(_parameters.swapper) {
    if (_parameters.tokenIn != PROTOCOL_TOKEN) {
        _takeFromMsgSender(IERC20(_parameters.tokenIn), _parameters.maxAmountIn);
        _maxApproveSpenderIfNeeded(
            IERC20(_parameters.tokenIn),
            _parameters.allowanceTarget,
            _parameters.swapper == _parameters.allowanceTarget, // If target is a swapper, then it's ok as allowance target
            _parameters.maxAmountIn
        );
        _executeSwap(_parameters.swapper, _parameters.swapData, 0);
    } else {
        _executeSwap(_parameters.swapper, _parameters.swapData, _parameters.maxAmountIn);
    }
    if (_parameters.checkUnspentTokensIn) {
        _sendBalanceOnContractToRecipient(_parameters.tokenIn, msg.sender);
    }
}

Recommendation:

We advise the contract to properly validate that no native funds were sent if _parameters.tokenIn != PROTOCOL_TOKEN.

Alleviation:

The Mean Finance team stated that due to the contract's intention to be utilized with multi-calls, it is impossible to deduce whether the ether natively sent was meant for this particular function or whether it was accidentally sent. As a result, they are unable to protect against accidental transfers. In this case, we consider the exhibit as an acknowledged issue that cannot be alleviated in the codebase.
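
The recommended check and the multi-call objection can be seen side by side in the following added example, which is not code from the audit or from the Mean Finance codebase. It assumes a delegatecall-style multicall and a constructor-supplied PROTOCOL_TOKEN sentinel; every name other than takeAndRunSwap, tokenIn and PROTOCOL_TOKEN is hypothetical, and the swap itself is left out because only the handling of msg.value matters.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.7;

// Added illustration, not Mean Finance code. Hypothetical names throughout,
// except tokenIn and PROTOCOL_TOKEN, which come from the finding.
contract NativeValueGuardExample {
    // Assumption: sentinel address that denotes the native token.
    address public immutable PROTOCOL_TOKEN;

    error UnexpectedNativeValue(uint256 sent);

    event SwapAccepted(address indexed tokenIn, uint256 nativeValue);

    constructor(address protocolToken) {
        PROTOCOL_TOKEN = protocolToken;
    }

    // The recommended validation: ether may only accompany a PROTOCOL_TOKEN swap.
    modifier noValueUnlessNative(address tokenIn) {
        if (tokenIn != PROTOCOL_TOKEN && msg.value != 0) {
            revert UnexpectedNativeValue(msg.value);
        }
        _;
    }

    // Stand-in for takeAndRunSwap with the guard applied (swap logic omitted).
    function guardedSwap(address tokenIn) public payable noValueUnlessNative(tokenIn) {
        emit SwapAccepted(tokenIn, msg.value);
    }

    // Assumed delegatecall-style multicall. msg.value is unchanged inside every
    // delegatecall, so each sub-call observes the ether sent with the whole batch.
    function multicall(bytes[] calldata calls) external payable {
        for (uint256 i = 0; i < calls.length; i++) {
            (bool ok, bytes memory ret) = address(this).delegatecall(calls[i]);
            if (!ok) {
                // Bubble up the sub-call's revert data unchanged.
                assembly {
                    revert(add(ret, 0x20), mload(ret))
                }
            }
        }
    }
}
```

A direct guardedSwap call with an ERC-20 tokenIn and non-zero value reverts with UnexpectedNativeValue, which is the behaviour the recommendation asks for. A multicall that carries ether for a PROTOCOL_TOKEN sub-call and also contains an ERC-20 sub-call reverts as well, because the guard in the ERC-20 sub-call sees the batch's msg.value and cannot tell that the ether was intended for the other sub-call.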