hats-finance / Tapioca-0xe0b920d38a0900af3bab7ff0ca0af554129f54ad


Users cannot Redeem partial amount of LTap tokens #6

Open hats-bug-reporter[bot] opened 1 month ago

hats-bug-reporter[bot] commented 1 month ago

Github username: @shanb1605
Twitter username: shanb1605
Submission hash (on-chain): 0x531703ed4a57dddc4a5e74f6c227b6a90a3d14af72dcb3e61b4fcc0919bf6bc7
Severity: medium

Description:

The LTap contract has redeem() to burn LTap tokens and get tapToken if openRedemption is true. The user's entire balance is used as the redemption amount to burn, and there is no option to burn a partial amount of tokens.

If users wish to hold some LTap tokens, it's not possible because the entire balance of LTap tokens is burned.

Attack Scenario

  1. Alice holds 100 LTap tokens.
  2. Alice wishes to redeem 50 LTap tokens and keep 50 LTap tokens in her wallet.
  3. Alice calls LTap::redeem(...) and here the entire balance is wiped out.

Attachments

    function redeem() external tapExists {
        if (!openRedemption) revert RedemptionNotOpen();
        uint256 amount = balanceOf(msg.sender);
        _burn(msg.sender, amount);
        tapToken.safeTransfer(msg.sender, amount);
    }

Revised Code File (Optional)

Could rewrite to:

    function redeem(uint256 amount) external tapExists {
        if (!openRedemption) revert RedemptionNotOpen();
        _burn(msg.sender, amount);
        tapToken.safeTransfer(msg.sender, amount);
    }

0xRektora commented 1 month ago

Invalid. That's not an attack. The behaviour is intended.