code-423n4 / 2021-12-vader-findings


burn function doesn't check if uAmount is greater than zero yet still creates locks #94

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

jayjonah8

Vulnerability details

Impact

In USDV.sol, the burn() function takes in a uAmount argument but it doesn't check if the uAmount is greater than 0. It will still call _burn, vader.mint(), and _createLock, creating useless locks.

Proof of Concept

https://github.com/code-423n4/2021-12-vader/blob/main/contracts/tokens/USDV.sol#L100

Tools Used

Manual code review

Recommended Mitigation Steps

Add to burn() function: require(uAmount > 0, "uAmount cannot be zero");

0xstormtrooper commented 2 years ago

Same reasoning as here

https://github.com/code-423n4/2021-12-vader-findings/issues/92