Evert0x
commented
3 years ago 1 (low risk); as the function is called '..inStored..', at it is using the stored variables. I agree it is a confusing function name.
Open code423n4 opened 3 years ago
Evert0x
commented
3 years ago 1 (low risk); as the function is called '..inStored..', at it is using the stored variables. I agree it is a confusing function name.
ghoul-sol
commented
3 years ago agree with sponsor, low risk
Handle
shw
Vulnerability details
Impact
The
calcUnderlyingInStoredUSD()function ofSherXshould returncalcUnderlyingInStoredUSD(getSherXBalance())instead ofcalcUnderlyingInStoredUSD(sx20.balances[msg.sender])since there could be SherX unallocated to the user at the time of the function call. A similar function,calcUnderlying(), calculates the user's underlying tokens based on the user's current balance plus the unallocated ones.Proof of Concept
Referenced code: SherX.sol#L141
Recommended Mitigation Steps
Change
sx20.balances[msg.sender]togetSherXBalance()at line 141.