Open c4-bot-2 opened 8 months ago
raymondfam marked the issue as insufficient quality report
raymondfam marked the issue as duplicate of #22
alcueca changed the severity to QA (Quality Assurance)
Limited impact, can sell all minus one wei.
alcueca marked the issue as grade-a
This previously downgraded issue has been upgraded by alcueca
alcueca marked the issue as satisfactory
alcueca changed the severity to QA (Quality Assurance)
alcueca marked the issue as grade-b
@alcueca I would like to ask why this issue is graded as grade-b when the primary is grade-a. This issue clearly describes the vulnerability and has a provided POC. Thank you for your time.
Lines of code
https://github.com/code-423n4/2024-01-curves/blob/main/contracts/Curves.sol#L282-L293
Vulnerability details
Impact
If a user wants to sell his curves tokens for a specific token subject, he has to call the function at the linked lines of code. The function checks if the supply is <= to the specified amount. When a token subject creates a curves token, he has to mint the first token, and that token is free. However, the problem arises if the token subject decides to sell his token. No matter the supply, a user that paid ETH for a curves token should always be able to sell his token for some amount. As shown in the below POC, if the token subject sells his token, the last user to sell won't be able to.

Proof of Concept
Gist

After following the steps in the above gist, add the following test in the AuditorTests.t.sol:

To run the test use:

forge test -vvv --mt test_UserCantSellLastToken

As can be seen from the logs, with the fees used to set up the Curves.sol contract as shown in the gist above, the minimum amount for which a user that bought a token should be able to sell it is 46875000000000 wei (≈ 0.000046875 ETH).
Tools Used
Manual review & Foundry
Recommended Mitigation Steps
Consider not allowing the token subject to sell his token.

Assessed type

Context
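To make the sequence in the report concrete, here is an added Python model of the supply accounting it describes. It is not the report's Foundry PoC and not code from the Curves repository. Everything about the pricing is an assumption for the model, not a fact from the page: a friend.tech-style quadratic curve with no fees, the subject's first mint being free, and the sell path reverting when `supply <= amount`. The `block_subject_sell` flag and the exception names are likewise invented here to model the recommended mitigation.

```python
# Added illustration of the finding above. Not Curves.sol and not the
# report's Foundry PoC: a toy model whose curve, fee-free pricing,
# mitigation flag and revert names are assumptions, not facts from the page.


class LastTokenCannotBeSold(Exception):
    """Raised when the sell path sees supply <= amount (assumed check)."""


class SubjectCannotSell(Exception):
    """Raised by the modelled mitigation: the token subject may not sell."""


def curve_price(supply: int, amount: int) -> int:
    """friend.tech-style quadratic curve in wei (assumed for the model)."""

    def area(n: int) -> int:
        return 0 if n == 0 else (n - 1) * n * (2 * (n - 1) + 1) // 6

    return (area(supply + amount) - area(supply)) * 10**18 // 16000


class CurvesModel:
    def __init__(self, block_subject_sell: bool = False) -> None:
        self.supply = {}            # subject -> total supply
        self.balance = {}           # (subject, holder) -> tokens held
        self.block_subject_sell = block_subject_sell

    def buy(self, subject: str, buyer: str, amount: int) -> int:
        supply = self.supply.get(subject, 0)
        if supply == 0 and buyer != subject:
            raise ValueError("only the subject may mint the first token")
        cost = curve_price(supply, amount)          # first token costs 0 wei
        self.supply[subject] = supply + amount
        key = (subject, buyer)
        self.balance[key] = self.balance.get(key, 0) + amount
        return cost

    def sell(self, subject: str, seller: str, amount: int) -> int:
        supply = self.supply.get(subject, 0)
        if supply <= amount:                        # the check the report describes
            raise LastTokenCannotBeSold()
        if self.block_subject_sell and seller == subject:
            raise SubjectCannotSell()               # modelled mitigation
        key = (subject, seller)
        held = self.balance.get(key, 0)
        if held < amount:
            raise ValueError("insufficient balance")
        proceeds = curve_price(supply - amount, amount)
        self.supply[subject] = supply - amount
        self.balance[key] = held - amount
        return proceeds


def last_buyer_proceeds(block_subject_sell: bool):
    """Subject mints the free token, alice buys one, the subject tries to
    sell, then alice sells. Returns alice's proceeds in wei, or None when
    her sale reverts with LastTokenCannotBeSold."""
    m = CurvesModel(block_subject_sell)
    m.buy("subject", "subject", 1)                  # free first token, supply 1
    alice_paid = m.buy("subject", "alice", 1)       # alice pays real wei, supply 2
    assert alice_paid > 0
    try:
        m.sell("subject", "subject", 1)             # supply 2 > 1: allowed unless mitigated
    except SubjectCannotSell:
        pass
    try:
        return m.sell("subject", "alice", 1)        # supply 1 <= 1 once the subject has sold
    except LastTokenCannotBeSold:
        return None


if __name__ == "__main__":
    print("unmitigated:", last_buyer_proceeds(False))   # None: alice is stuck holding
    print("mitigated:  ", last_buyer_proceeds(True))    # alice can sell her token
```

Because the model has no fees, the wei figure it returns differs from the 46875000000000 wei the report's Foundry logs show; the point it reproduces is only the ordering: once the subject's free token leaves the supply, the paying holder becomes the one trapped by the last-token check.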