search

makerdao / keg

GNU Affero General Public License v3.0
11 stars 6 forks source link

brew / pour coupling assumption #9

Closed hexonaut closed 3 years ago

hexonaut commented 4 years ago

https://github.com/makerdao/keg/blob/8202cbd88657ad2a6194691db9c5c5d8754fc229/src/Keg.sol#L134

There is an implicit assumption with this line that brew and pour will be called one after the other for the same total amount. For example, if brew is called twice then the next pour call will need to allocate funds all mugs at once for both of the individual brew calls. It may be possible that two different contracts want to allocate funds at the same time in which case pour will fail if the brews happen to be called in a separate transaction.

I'd recommend either merging these two functions or changing the line above to:

require(vat.dai(address(this)) >= mul(beer, RAY), "Keg/not-enough-brew");

hexonaut commented 3 years ago

Solved in https://github.com/makerdao/keg/pull/12