Open code423n4 opened 3 years ago
Email address
pauliax6@gmail.com
Handle
paulius.eth
Eth address
0x523B5b2Cc58A818667C22c862930B141f85d49DD
Vulnerability details
function buyBond transfers amount from msg.sender twice: Fund(fund()).depositFor(msg.sender, issuer, amount); ... collectToken(issuer, msg.sender, amount);
Impact
This makes the msg.sender pay twice for the same bond.
Recommended mitigation steps
Charge poor man only once.
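The double transfer reported above, next to a single-charge variant that checks the buyer's balance delta. This is an added example, not the audited project's code: `MockToken`, `BondModel`, `Check` and `pull` are hypothetical stand-ins, the two `pull` calls stand in for `depositFor` and `collectToken` (whose bodies are not shown on this page), and the payment is assumed to go to the bond contract itself.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical stand-ins for illustration; not the audited contracts.
contract MockToken {
    mapping(address => uint256) public balanceOf;

    function mint(address to, uint256 amount) external {
        balanceOf[to] += amount;
    }
    // Simplified pull with no allowance check (assumption, test-only).
    function pull(address from, address to, uint256 amount) external {
        balanceOf[from] -= amount; // reverts on underflow in 0.8
        balanceOf[to] += amount;
    }
}

contract BondModel {
    MockToken public immutable token;

    constructor(MockToken token_) {
        token = token_;
    }
    // Mirrors the reported pattern: two pulls of `amount` from the buyer.
    function buyBondDoubleCharge(uint256 amount) external {
        token.pull(msg.sender, address(this), amount); // stands in for depositFor(...)
        token.pull(msg.sender, address(this), amount); // stands in for collectToken(...)
    }
    // Single pull, guarded by a balance-delta post-condition.
    function buyBondChargedOnce(uint256 amount) external {
        uint256 beforeBal = token.balanceOf(msg.sender);
        token.pull(msg.sender, address(this), amount);
        uint256 paid = beforeBal - token.balanceOf(msg.sender);
        require(paid == amount, "buyer charged != amount");
    }
}

contract Check {
    // Reports how much this caller was debited on each path for amount = 100.
    function run() external returns (uint256 paidDouble, uint256 paidOnce) {
        MockToken t = new MockToken();
        BondModel b = new BondModel(t);
        t.mint(address(this), 300);
        b.buyBondDoubleCharge(100);
        paidDouble = 300 - t.balanceOf(address(this));
        b.buyBondChargedOnce(100);
        paidOnce = 300 - paidDouble - t.balanceOf(address(this));
    }
}
```

With an amount of 100, `Check.run()` reports a debit of 200 on the double-charge path and 100 on the single-charge path. The same balance-delta assertion works as a regression test around the real `buyBond`.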