Closed code423n4 closed 2 years ago
gzeon
Pool cap is checked in L154 https://github.com/code-423n4/2021-12-amun/blob/98f6e2ff91f5fcebc0489f5871183566feaec307/contracts/basket/contracts/facets/Basket/BasketFacet.sol#L154
require( totalSupply.add(_amount) <= this.getCap(), "MAX_POOL_CAP_REACHED" );
but since we mint _amount to the user and some % of feeAmount to Beneficiary, totalSupply can actually go above the defined cap.
_amount
feeAmount
require( totalSupply.add(_amount).add(feeAmount.mul(bs.entryFeeBeneficiaryShare).div(10**18)) <= this.getCap(), "MAX_POOL_CAP_REACHED" );
Duplicate #283
loki-sama
commented
2 years ago loki-sama
commented
2 years ago
Handle
gzeon
Vulnerability details
Impact
Pool cap is checked in L154 https://github.com/code-423n4/2021-12-amun/blob/98f6e2ff91f5fcebc0489f5871183566feaec307/contracts/basket/contracts/facets/Basket/BasketFacet.sol#L154
but since we mint
_amountto the user and some % offeeAmountto Beneficiary, totalSupply can actually go above the defined cap.Recommended Mitigation Steps