Closed chasebrownn closed 5 months ago
The CrossChainMigrator::burnToken function will incorrectly invoke the IPassiveIncomeNFT::claimableIncome function and ignore its result.
CrossChainMigrator::burnToken
IPassiveIncomeNFT::claimableIncome
function burnToken(uint256 tokenId) external onlyOwner { require(passiveIncomeNFT.ownerOf(tokenId) == address(this), "CrossChainMigrator: not owner"); (,uint256 endTime, uint256 lockedAmount, uint256 multiplier, uint256 claimed,) = passiveIncomeNFT.locks(tokenId); uint256 totalRewardAmount = (lockedAmount * (multiplier - 1e18)) / 1e18; (uint256 amount,) = passiveIncomeNFT.claimableIncome(tokenId); require(block.timestamp >= endTime, "CrossChainMigrator: not expired"); amount = lockedAmount + totalRewardAmount; if (amount > claimed) { unchecked { amount = amount - claimed; } } else { amount = 0; } uint256 received = passiveIncomeNFT.burn(tokenId); uint256 excessAmount = received - amount; if (excessAmount != 0) { tngblToken.transfer(address(passiveIncomeNFT), excessAmount); } _burnTngbl(); }
We advise the code to not invoke the IPassiveIncomeNFT::claimableIncome function as its value will be equal to the totalRewardAmount as the ensuing IPassiveIncomeNFT::burn operation will solely execute if the NFT has been fully vested.
totalRewardAmount
IPassiveIncomeNFT::burn
Resolved
chasebrownn
commented
5 months ago
CCM-04C: Redundantly Queried Value
Description:
The
CrossChainMigrator::burnTokenfunction will incorrectly invoke theIPassiveIncomeNFT::claimableIncomefunction and ignore its result.Example:
Recommendation:
We advise the code to not invoke the
IPassiveIncomeNFT::claimableIncomefunction as its value will be equal to thetotalRewardAmountas the ensuingIPassiveIncomeNFT::burnoperation will solely execute if the NFT has been fully vested.