Description
The LTap contract has redeem() to burn LTap tokens and receive tapToken if openRedemption is true. The caller's entire balance is used as the redemption amount to burn, and there is no option to burn only part of it.
A user who wishes to keep some LTap tokens cannot do so, because the entire LTap balance is burned.
Attack Scenario
Alice holds 100 LTap tokens.
Alice wishes to redeem 50 LTap tokens and keep 50 LTap tokens in her wallet.
Alice calls LTap::redeem(...) and here the entire balance is wiped out.
Attachments
function redeem() external tapExists {
    if (!openRedemption) revert RedemptionNotOpen();
    // The amount is always the caller's full balance; it cannot be chosen.
    uint256 amount = balanceOf(msg.sender);
    _burn(msg.sender, amount);
    tapToken.safeTransfer(msg.sender, amount);
}
Revised Code File (Optional)
Could rewrite to:
function redeem(uint256 amount) external tapExists {
    if (!openRedemption) revert RedemptionNotOpen();
    // Burn only the requested amount; _burn reverts if it exceeds the balance.
    _burn(msg.sender, amount);
    tapToken.safeTransfer(msg.sender, amount);
}
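A self-contained sketch of the partial-redemption idea, added here as an illustration and not taken from the LTap code base. It goes slightly beyond the revision above by keeping a full-balance path for existing callers. Assumptions: OpenZeppelin's ERC20 and SafeERC20, a hypothetical admin setter for openRedemption, hypothetical ZeroAmount and NotAdmin errors, and the tapExists modifier omitted because its body is not shown in the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Added illustration only; not the project's LTap contract.
contract LTapRedeemSketch is ERC20 {
    using SafeERC20 for IERC20;

    IERC20 public immutable tapToken;
    address public immutable admin; // assumption: stand-in for the real access control
    bool public openRedemption;

    error RedemptionNotOpen();
    error ZeroAmount(); // hypothetical, not in the report
    error NotAdmin();   // hypothetical, not in the report

    constructor(IERC20 tap, uint256 supply) ERC20("LTap sketch", "LTAPS") {
        tapToken = tap;
        admin = msg.sender;
        _mint(msg.sender, supply);
    }

    function setOpenRedemption(bool open) external {
        if (msg.sender != admin) revert NotAdmin();
        openRedemption = open;
    }

    // Partial redemption: the caller chooses how much to burn.
    function redeem(uint256 amount) external {
        if (amount == 0) revert ZeroAmount(); // a zero request is treated as a caller mistake
        _redeem(msg.sender, amount);
    }

    // Full-balance path, matching what the zero-argument redeem() did.
    function redeemAll() external {
        _redeem(msg.sender, balanceOf(msg.sender));
    }

    function _redeem(address account, uint256 amount) private {
        if (!openRedemption) revert RedemptionNotOpen();
        _burn(account, amount); // reverts when amount exceeds the account's balance
        tapToken.safeTransfer(account, amount); // contract must hold enough tapToken
    }
}
```

With this shape, Alice from the scenario above calls redeem(50) and keeps 50 LTap, while integrations that relied on burning everything can switch to redeemAll().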
Github username: @shanb1605
Twitter username: shanb1605
Submission hash (on-chain): 0x531703ed4a57dddc4a5e74f6c227b6a90a3d14af72dcb3e61b4fcc0919bf6bc7
Severity: medium