code-423n4 / 2023-05-juicebox-findings

controller.mintTokensOf should check return value #177

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-05-juicebox/blob/main/juice-buyback/contracts/JBXBuybackDelegate.sol#L302

https://github.com/code-423n4/2023-05-juicebox/blob/main/juice-buyback/contracts/JBXBuybackDelegate.sol#L338

Vulnerability details

Impact

Sponsors or projects may get fewer tokens (or reverse tokens).

Proof of Concept

According to the Docs, controller.mintTokensOf returns the number of tokens minted for the beneficiary and won't revert if beneficiaryTokenCount is less than required.

So like for _mint(), the sponsor who calls pay() can get fewer tokens. And for the mintTokensOf in _swap, the project will suffer.

Tools Used

VSCode

Recommended Mitigation Steps

Add checks to make sure we mint what we required.

Assessed type

Context

dmvt commented 1 year ago

spam

c4-pre-sort commented 1 year ago

dmvt marked the issue as low quality report

c4-judge commented 1 year ago

dmvt marked the issue as unsatisfactory: Invalid