If called with zero value, it will simply and correctly update the total supply with demurrage. So not an issue.
Specifically, #50 already pointed out the unintended design of the migrate function in Migrate.sol not checking for zero value; while this is not a security issue, it wasn't what we had considered, so we'll add a check and the issue is already covered.
Github username: --
Twitter username: --
Submission hash (on-chain): 0x1e8efe52cc159b68e01c7ad30ecadaccc82dfa61d79296a1a55043b1d9c88433
Severity: high
Description:

I'll take Hub.migrate as an example: the function doesn't check if input parameter _amounts contains elements that have 0 as input.

_value is larger than 0, and then calls _mint

value is larger than 0 and calls ERC1155._updateWithAcceptanceCheck, also the function doesn't check values

values is zero

newTotalSupply is calculated based on _calculateDiscountedBalance, and today - totalSupplyBalance.lastUpdatedDay is used

_daysDifference == 0, the balance will not be discounted

totalSupplyBalance.lastUpdatedDay is updated in Circles.sol#L161

Attack Scenario:

Please note that the issue exists in multiple functions in the protocol, such as ERC1155.safeTransferFrom and ERC1155.safeBatchTransferFrom and other functions.
For safeTransferFrom and safeBatchTransferFrom, the user can call this function with 0 every 23 hours to avoid being discounted.

Attachments

Proof of Concept (PoC) File
Revised Code File (Optional)
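
An added example, not part of the submission or the project's code: an exact-arithmetic model of the bookkeeping described above (discount by today - lastUpdatedDay, then move lastUpdatedDay), comparing the total supply with and without zero-value calls every 23 hours. The per-day factor GAMMA, the day index computed as timestamp // 86400, and the names DiscountedBalance and supply_after are assumptions made for this illustration.

```python
from fractions import Fraction

DAY = 86_400
# Assumed per-day demurrage factor (constructed value, roughly 7% per year).
GAMMA = Fraction(9998, 10000)


class DiscountedBalance:
    """Simplified model of a balance stored together with its lastUpdatedDay."""

    def __init__(self, balance, start_ts):
        self.balance = Fraction(balance)
        self.last_updated_day = start_ts // DAY  # assumed day index

    def discounted(self, days_difference):
        # As described in the report: a zero day difference applies no discount.
        if days_difference == 0:
            return self.balance
        return self.balance * GAMMA ** days_difference

    def update(self, value, now_ts):
        # Discount for the whole days elapsed, add value, then move the marker.
        today = now_ts // DAY
        self.balance = self.discounted(today - self.last_updated_day) + value
        self.last_updated_day = today


def supply_after(total_days, poke_every_hours=None, start=10**6):
    """Supply after total_days, optionally updated with value 0 along the way."""
    supply = DiscountedBalance(start, start_ts=0)
    end_ts = total_days * DAY
    if poke_every_hours:
        ts = poke_every_hours * 3600
        while ts < end_ts:
            supply.update(0, ts)  # zero-value call
            ts += poke_every_hours * 3600
    supply.update(0, end_ts)      # final settlement at the end of the period
    return supply.balance


if __name__ == "__main__":
    # Same period, with and without zero-value calls every 23 hours.
    print(float(supply_after(30)), float(supply_after(30, poke_every_hours=23)))
```

On-chain fixed-point arithmetic rounds at every update, so a real contract can differ from this exact model by rounding dust.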