Function _convert only performs the conversion when minting is turned on:
    if(minting()){
However, the funds are collected before that, and it does not reimburse the sender:
    function convertForMember(address member, uint amount) public returns(uint) {
        getFunds(VADER, amount);
        return _convert(member, amount);
    }
The same situation applies to function redeemForMember. I see no reason why the user should send and lose his tokens when the minting is turned off.
Recommended Mitigation Steps
Probably it would be better to replace "if" with "require" so that users won't be tricked into such an accident.
Handle
paulius.eth
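The pattern described in this report, next to the "require" form it recommends, as an added example that is not the project's own code. Assumptions: getFunds is modelled as a plain transferFrom, minting() reads a flag fixed at deployment, the 1:1 rate and the credited mapping are placeholders, and the names ConvertSketch, convertForMemberStrict and _convertStrict are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration: a simplified model of the reported pattern, not the audited contract.
interface IERC20 {
    function transferFrom(address from, address to, uint amount) external returns (bool);
}

contract ConvertSketch {
    address public immutable VADER;            // token pulled from the caller
    bool private immutable mintingOn;          // assumed state behind minting()
    mapping(address => uint) public credited;  // stand-in for the converted balance

    constructor(address vader, bool mintingOn_) {
        VADER = vader;
        mintingOn = mintingOn_;
    }

    function minting() public view returns (bool) { return mintingOn; }

    // Assumed behaviour of getFunds: pull `amount` of `token` from msg.sender.
    function getFunds(address token, uint amount) internal {
        require(IERC20(token).transferFrom(msg.sender, address(this), amount), "transfer failed");
    }

    // Reported form: tokens are pulled first, then the conversion is silently skipped.
    function convertForMember(address member, uint amount) public returns (uint) {
        getFunds(VADER, amount);
        return _convert(member, amount);
    }

    function _convert(address member, uint amount) internal returns (uint converted) {
        if (minting()) {
            converted = amount;            // placeholder 1:1 rate (assumption)
            credited[member] += converted;
        }
        // minting off: returns 0 and the pulled tokens stay in this contract
    }

    // Recommended form: "require" reverts the call, which also undoes the transferFrom.
    function convertForMemberStrict(address member, uint amount) public returns (uint) {
        getFunds(VADER, amount);
        return _convertStrict(member, amount);
    }

    function _convertStrict(address member, uint amount) internal returns (uint converted) {
        require(minting(), "minting is off");
        converted = amount;                // placeholder 1:1 rate (assumption)
        credited[member] += converted;
    }
}
```

Deployed with minting off, convertForMember succeeds, returns 0 and keeps the caller's tokens, while convertForMemberStrict reverts and the caller's balance is unchanged.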