Closed c4-bot-5 closed 8 months ago
Withdrawn by matejdb
Lines of code
https://github.com/code-423n4/2024-02-spectra/blob/383202d0b84985122fe1ba53cfbbb68f18ba3986/src/tokens/PrincipalToken.sol#L340
Vulnerability details
Impact
Taken from the C4 contest page:
"IBT rate is only updated upon user interactions with our protocol"
under the "Main invariants" subtitle.
Investigate impact if it breaks some functionality if a malicious user burns his tokens.
Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.
Tools Used
Manual review, Foundry
Recommended Mitigation Steps
Limit who can call this function and when it can be called.
Assessed type
Access Control