search

code-423n4 / 2022-12-prepo-findings

0 stars 1 forks source link

TokenSender may not have enough outputToken to transfer to the sender #250

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/prepo-io/prepo-monorepo/blob/feat/2022-12-prepo/apps/smart-contracts/core/contracts/TokenSender.sol#L42

Vulnerability details

Impact

There could be no outputToken balance in TokenSender.sol to be transferred out from the contract.

Proof of Concept

TokenSender.sol should have enough outputToken before it can be transferred out (See TokenSender.sol#L42). However, there is no code that transfer or mint outputToken to the contract

Tools Used

Manual

Recommended Mitigation Steps

Add code to transfer or mint outputToken to TokenSender.sol

c4-judge commented 1 year ago

Picodes marked the issue as unsatisfactory: Invalid