c4-bot-7 commented 10 months ago

Lines of code

https://github.com/code-423n4/2024-01-curves/blob/main/contracts/Curves.sol#L373

Vulnerability details

Impact

from the buyCurvesTokenWithName function implementation there was no check for zero amount, this could lead to buying a zero amount of curveTokens and still minting thereby bypassing the _buyCurvesToken which by design is bad.

Proof of Concept

https://github.com/code-423n4/2024-01-curves/blob/main/contracts/Curves.sol#L373

Tools Used

Manual Review

Recommended Mitigation Steps

Add a check for zero amount to avoid bypassing the _buyCurvesToken function

Assessed type

Other

c4-pre-sort commented 10 months ago

raymondfam marked the issue as insufficient quality report

c4-pre-sort commented 10 months ago

raymondfam marked the issue as duplicate of #44

c4-judge commented 10 months ago

alcueca marked the issue as not a duplicate

c4-judge commented 10 months ago

alcueca changed the severity to QA (Quality Assurance)

c4-judge commented 10 months ago

alcueca marked the issue as grade-b

code-423n4 / 2024-01-curves-findings

Token can be minted without buying curveTokens #1506

Lines of code

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Assessed type