code-423n4 / 2021-12-amun-findings

MintableERC20 tokens might get stuck in ERC20PREDICATE purgatory for all eternity #217

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

kenzo

Vulnerability details

A user can withdraw his Polygon bridge tokens into ETH, and then deposit them in ERC20Predicate when wanting to go back to Polygon. Then, he might burn his underlying basket tokens (exit the basket). He won't be able to withdraw or deposit anymore, but his MintableERC20 tokens are still in ERC20PREDICATE.

Impact

Wrong totalSupply of MintableERC20 on Ethereum.

Recommended Mitigation Steps

Not sure if there's a mitigation under the current implementation.

0xleastwood commented 2 years ago

I'm not exactly sure if this is a valid issue. It requires a user burning their own tokens for whatever reason. This just doesn't seem likely.