search

code-423n4 / 2024-02-spectra-findings

4 stars 2 forks source link

PrincipalToken.sol is not EIP-5095 compliant #115

Closed c4-bot-1 closed 8 months ago

c4-bot-1 commented 8 months ago

Lines of code

https://github.com/code-423n4/2024-02-spectra/blob/main/src/tokens/PrincipalToken.sol#L120

Vulnerability details

Impact

PrincipalToken.sol does not comply with EIP-5095 standards.

Proof of Concept

Based on EIP-5095:

All Principal Tokens MUST implement EIP-20’s optional metadata extensions. The name and symbol functions SHOULD reflect the underlying token’s name and symbol in some way, as well as the origination protocol, and in the case of yield tokenization protocols, the origination money-market.

However, PrincipalToken.sol lacks implementation of the name() and symbol() functions that accurately represent the underlying token's name and symbol, which is ibt in this instance.

Tools Used

Manual Review

Recommended Mitigation Steps

Implement name() and symbol() that reflect the underlying ERC4626 token.

Assessed type

Context

c4-pre-sort commented 8 months ago

gzeon-c4 marked the issue as duplicate of #33

c4-pre-sort commented 8 months ago

gzeon-c4 marked the issue as sufficient quality report

c4-judge commented 8 months ago

JustDravee marked the issue as not a duplicate

c4-judge commented 8 months ago

JustDravee marked the issue as unsatisfactory: Invalid