code-423n4 / 2023-01-astaria-findings

Transfer of assets should come before deleting and burning the collateral id #623

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-01-astaria/blob/1bfc58b42109b839528ab1c21dc9803d663df898/src/CollateralToken.sol#L345

Vulnerability details

Impact

Detailed description of the impact of this finding.

Calldata id is burnt and deleted before transfer

Proof of Concept

Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.

Here, the calldata id is burnt and deleted before transfer

https://github.com/code-423n4/2023-01-astaria/blob/1bfc58b42109b839528ab1c21dc9803d663df898/src/CollateralToken.sol#L345

Tools Used

Manual Review

Recommended Mitigation Steps

Transfer of asset should be called before burning and deleting the calldata id

c4-judge commented 1 year ago

Picodes marked the issue as unsatisfactory: Insufficient quality