LethL - User cannot call the function that using burnFrom() for the TAU tokens

[sherlock-admin]

LethL

high

User cannot call the function that using burnFrom() for the TAU tokens

Summary

The function that uses burnFrom() to burn tokens can cause problems because it requires a certain allowance. In this case, the function will revert, preventing users from executing the function and breaking the logic.

Reference: code-423n4/2022-03-joyn-findings#80

Vulnerability Detail

For example:

The distributeTauRewards() function uses ERC20Burnable(tau).burnFrom(msg.sender, amount) to burn tokens from the msg.sender. However, the use of the burnFrom() function can result in serious issues.

In fact, many ERC20 tokens require that the allowance[from][msg.sender] >= amount in burnFrom() function. In this case, the call to the distributeTauRewards() function will revert as the allowance[TauDripFeed][TauDripFeed] == 0, and therefore users cannot deposit TAU to the contract. This can break the business logic.

Furthermore, the burnFrom() function has also been used in the _modifyPosition() function to repay debt and in the liquidate() function to liquidate an account for users and liquidators.

Impact

The user is unable to repay their TAU debt and deposit TAU into the contract.
The liquidator cannot use the liquidate() function to liquidate an account.
This can potentially disrupt the business logic.

Code Snippet

https://github.com/sherlock-audit/2023-03-taurus/blob/main/taurus-contracts/contracts/Vault/BaseVault.sol#L300

https://github.com/sherlock-audit/2023-03-taurus/blob/main/taurus-contracts/contracts/Vault/BaseVault.sol#L376

https://github.com/sherlock-audit/2023-03-taurus/blob/main/taurus-contracts/contracts/Vault/TauDripFeed.sol#L53

Tool used

Manual Review

Recommendation

Replace burnFrom() function with burn() function since all the addresses used as parameters in burnFrom() function refer to msg.sender.

Duplicate of #149