search

Lodestar-Finance / lodestar-protocol

Houses the code for the Lodestar Finance DeFi protocol.
BSD 3-Clause "New" or "Revised" License
10 stars 7 forks source link

token should be minted till its equals to supplyCap #15

Closed rajatbeladiya closed 1 year ago

rajatbeladiya commented 1 year ago

Affected Contracts

Comptroller.sol CToken.sol

Severity

Medium

Description

https://github.com/LodestarFinance/lodestar-protocol/blob/cfca1ae275d023a02198798bbcb24b2a1f646776/contracts/ComptrollerStorage.sol#L155-L161

supplyCaps[cToken] is introduced to cap the mint supply of token. if it is set 10000 for tokenA then it can be minted 10000.

https://github.com/LodestarFinance/lodestar-protocol/blob/cfca1ae275d023a02198798bbcb24b2a1f646776/contracts/Comptroller.sol#L272

but here, it is checking that it should be nextTotalSupply < supplyCap. that means tokenA can be minted to 9999 only. it will lead to miscalculations and unintended behaviour to the protocol.

Recommendation

change it to require(nextTotalSupply <= supplyCap, "market supply cap reached”);

0xAppo commented 1 year ago

The difference here is negligible for practical purposes.