supplyCaps[cToken] is used to cap the supply of cToken. It can be set by _setMarketSupplyCaps.
mintAllowed() is used to check that allowed to mint tokens.
suppose current totalSupplyUnderlying is 10000 then it should not let supplyCaps[cToken] to less than 10000.
but here _setMarketSupplyCaps is not checking that current totalSupplyUnderlying should be less than newSupplyCap.
mintAllowed is being used in mintFresh() function of CToken.sol. add check for totalSupplyUnderlying <= newSupplyCap to _setMarketSupplyCaps to avoid unintended behavior.
Recommendation
add check for totalSupplyUnderlying <= newSupplyCap in _setMarketSupplyCaps() function.
Affected Contracts
Comptroller.sol
Severity
Medium
Description
https://github.com/LodestarFinance/lodestar-protocol/blob/cfca1ae275d023a02198798bbcb24b2a1f646776/contracts/Comptroller.sol#L267-L273
supplyCaps[cToken]
is used to cap the supply of cToken. It can be set by_setMarketSupplyCaps
.mintAllowed()
is used to check that allowed to mint tokens.https://github.com/LodestarFinance/lodestar-protocol/blob/cfca1ae275d023a02198798bbcb24b2a1f646776/contracts/Comptroller.sol#L1114-L1129
suppose current totalSupplyUnderlying is 10000 then it should not let
supplyCaps[cToken]
to less than 10000. but here_setMarketSupplyCaps
is not checking that currenttotalSupplyUnderlying
should be less thannewSupplyCap
.mintAllowed
is being used inmintFresh()
function ofCToken.sol
. add check fortotalSupplyUnderlying <= newSupplyCap
to_setMarketSupplyCaps
to avoid unintended behavior.Recommendation
add check for
totalSupplyUnderlying <= newSupplyCap
in_setMarketSupplyCaps()
function.