code-423n4 / 2022-02-tribe-turbo-findings


Mint does not produce the intended amount of shares #19

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/Rari-Capital/solmate/blob/1205a9067ff957ef8b0b003ff9d77c20ef9f2e0b/src/mixins/ERC4626.sol#L67

Vulnerability details

Resubmitting this issue with a better explanation; apologies for the double submit.

Impact

In the mint function, it should produce shares tokens, but there is an inattention mistake and it produces amount tokens.

Proof of Concept

https://github.com/Rari-Capital/solmate/blob/1205a9067ff957ef8b0b003ff9d77c20ef9f2e0b/src/mixins/ERC4626.sol#L67

Assume the contract manages 1000 assets for 10 shares. If you call mint for 10 shares, you'll in fact create 1000.

Tools Used

I am developing a contract using the ERC4626 standard.

Recommended Mitigation Steps

Replace amount with shares.
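
The accounting described in the report above, as an added example that is not part of the original issue and not solmate's code: a simplified Python model of an ERC4626-style vault comparing a mint that credits amount with one that credits shares, together with the supply-delta invariant a unit test can assert. The `Vault` class, its method names, the holder labels and the round-up `preview_mint` conversion are assumptions made for illustration.

```python
class Vault:
    """Simplified ERC4626-style vault model (assumption: no fees, integer math)."""

    def __init__(self, total_assets, total_supply, buggy):
        self.total_assets = total_assets
        self.total_supply = total_supply
        self.balance_of = {"existing": total_supply}  # constructed holder
        self.buggy = buggy

    def preview_mint(self, shares):
        """Assets needed to mint `shares`, rounded up in the vault's favour."""
        if self.total_supply == 0:
            return shares
        return -(-shares * self.total_assets // self.total_supply)

    def mint(self, shares, to):
        amount = self.preview_mint(shares)
        self.total_assets += amount                # caller deposits `amount` assets
        minted = amount if self.buggy else shares  # reported bug vs. recommended fix
        self.total_supply += minted
        self.balance_of[to] = self.balance_of.get(to, 0) + minted
        return amount

    def redeemable(self, owner):
        """Assets `owner`'s shares are worth at the current rate (rounded down)."""
        return self.balance_of[owner] * self.total_assets // self.total_supply


def run_scenario(buggy, shares=10):
    """The issue's numbers: 1000 assets backing 10 shares, then mint(10)."""
    vault = Vault(total_assets=1000, total_supply=10, buggy=buggy)
    supply_before = vault.total_supply
    paid = vault.mint(shares, "minter")
    created = vault.total_supply - supply_before
    return {
        "paid_assets": paid,
        "shares_created": created,
        "invariant_ok": created == shares,  # mint(n) must create exactly n shares
        "existing_redeemable": vault.redeemable("existing"),
        "minter_redeemable": vault.redeemable("minter"),
    }


if __name__ == "__main__":
    for label, buggy in (("mint amount", True), ("mint shares", False)):
        print(label, run_scenario(buggy))
```

In this model the existing holder's 10 shares stay redeemable for 1000 assets when shares are minted, and drop to 19 when amount is minted, so asserting that the supply delta equals the requested shares catches the mix-up in a regression test.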

Joeysantoro commented 2 years ago

https://github.com/code-423n4/2022-02-tribe-turbo-findings/issues/18

GalloDaSballo commented 2 years ago

Finding is valid; however, it's a duplicate by the same warden, marking as invalid.