GalloDaSballo
commented
2 years ago It's really minor, but I agree, address, amount is the standard
This is a convention from transfer(address, amount), really minor but is a convention
Open code423n4 opened 3 years ago
GalloDaSballo
commented
2 years ago It's really minor, but I agree, address, amount is the standard
This is a convention from transfer(address, amount), really minor but is a convention
Handle
0xsanson
Vulnerability details
Impact
In Basket.sol, there is a function
mintTo(uint256 amount, address to). It's best practice to use as first argumentto, and as secondamount; see also the order used in L84 (_mint(to, amount)) and L86 (Minted(to, amount)).Proof of Concept
https://github.com/code-423n4/2021-09-defiProtocol/blob/main/contracts/contracts/Basket.sol#L76
Tools Used
editor
Recommended Mitigation Steps
Consider switching the arguments (also don't forget to change the calls to the function).