Overt Tweed Stork
High
DefiSwap.plugIn can never collect referralFee from AmirX contract i.e reward distribution will be failed
referralFee amount of Telcoin is transferred to DefiSwap.defiSafe during fee dispersal, for this reason the SimplePlugin contract can't transfer the referralFee from AmirX contact in spite of having approval for the amount.
The root cause of the issue is the referralFee is transferred to the DefiSwap.defiSafe just after approving the SimplePlugin/DefiSwap.plugin contract.
None.
None.
There is no attack path because it is a business logic bug, In _feeDispersal() the plugin contract is approved by the AmirX contract for the referralFee amount. But just after the approval all Telcoin of the AmirX contract is sent to the DefiSwap.defiSafe, for that reason the AmirX contract does not have any Telcoin left in it's balance. Now when the plugin contract will try to transfer referralFee amount of Telcoin from the AmirX contact then the tx will be failed with ERC20InsufficientBalance error because the AmirX contract does not have enough Telcoin to transfer.
Reward distribution will fail.
Instead of approving the plugin transfer the referralFee to it.