Open hats-bug-reporter[bot] opened 1 week ago
There is no need to check if data._depositAmount and balance are equal. The depositAmount is only used to transfer the token to the batch contract if the input token is not ETH (native). The balance is calculated afterward to reflect the current balance of the deposit handler. @aktech297
Github username: @aktech297
Twitter username: kaka
Submission hash (on-chain): 0x7c5f8813e51765bc895774914befb1723bbc2ca6fad615dee5f53ab04aecf61e
Severity: high
Description:
multiTokenSwapAndTransfer is not checking whether data._depositAmount and balance are the same. First, the function transfers tokens from the user for the amount of data._depositAmount. Later, in the for loop, it decodes the token balance and uses this to mint. The issue is that data._depositAmount can be very small, like 1 wei, but the decoded balance is a big value, so by transferring a small amount the user can mint a large value.

Attachments
Proof of Concept (PoC) File: code link
Revised Code File (Optional): Check that both amount values are the same.