code-423n4 / 2021-04-vader-findings


convert collects funds even when minting is disabled #284

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

paulius.eth

Vulnerability details

Impact

function _convert only performs the conversion when minting is turned on:

    if(minting()){

However, the funds are collected before and it does not reimburse the sender:

    function convertForMember(address member, uint amount) public returns(uint) {
        getFunds(VADER, amount);
        return _convert(member, amount);
    }

Same situation with function redeemForMember. I see no reason why the user should send and lose his tokens when the minting is turned off.

Recommended Mitigation Steps

Probably it would be better to replace "if" with "require" so that users won't be tricked into such an accident.
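A minimal model of the pattern this finding describes, next to the `require` form it recommends. This is an added illustration, not the Vader contract source and not code from the reporter; `ConvertModel`, `IERC20Like`, the `minting` flag, the `minted` ledger and the 1:1 conversion rate are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the Vader source. All names below are hypothetical.
interface IERC20Like {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract ConvertModel {
    IERC20Like public immutable vader;          // token collected from the caller
    bool public minting;                        // stands in for minting()
    mapping(address => uint256) public minted;  // stands in for the minted output token

    constructor(IERC20Like _vader) { vader = _vader; }

    // Access control omitted in this model.
    function setMinting(bool on) external { minting = on; }

    function getFunds(uint256 amount) internal {
        require(vader.transferFrom(msg.sender, address(this), amount), "transfer failed");
    }

    // Pattern as reported: funds are pulled first, then the conversion is silently skipped.
    function convertForMemberReported(address member, uint256 amount) public returns (uint256) {
        getFunds(amount);
        return _convertReported(member, amount);
    }

    function _convertReported(address member, uint256 amount) internal returns (uint256 out) {
        if (minting) {
            out = amount;            // assumed 1:1 rate
            minted[member] += out;
        }
        // minting == false: returns 0, the call succeeds, the tokens stay in the contract.
    }

    // Recommended form: revert when minting is off, so no tokens leave the caller.
    function convertForMemberChecked(address member, uint256 amount) public returns (uint256 out) {
        require(minting, "minting disabled");
        getFunds(amount);
        out = amount;                // assumed 1:1 rate
        minted[member] += out;
    }
}
```

A regression test for this class of bug asserts that the caller's token balance is unchanged after a call made while minting is off, rather than only checking the return value.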

strictly-scarce commented 3 years ago

https://github.com/code-423n4/2021-04-vader-findings/issues/238

dmvt commented 3 years ago

duplicate of #238