search

sherlock-audit / 2022-11-sense-judging

1 stars 0 forks source link

csanuragjain - User has to pay twice #4

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

csanuragjain

medium

User has to pay twice

Summary

While minting in RollerPeriphery.sol#L59, user transfer the amount to RollerPeriphery. But seems like vault.mint(shares, receiver) will also be transferring from user, making user to pay double

Vulnerability Detail

  1. Observe the mint function
function mint(ERC4626 vault, uint256 shares, address receiver, uint256 maxAmountIn) external returns (uint256 assets) {
        ERC20(vault.asset()).safeTransferFrom(msg.sender, address(this), vault.previewMint(shares));

        if ((assets = vault.mint(shares, receiver)) > maxAmountIn) {
            revert MaxAssetError();
        }
    }

  1. As we can see the fund are transferred to this contract and then ERC4626 function vault.mint(shares, receiver)) is called which again ask user to transfer funds, making double payment

  2. This also need to be fixed for deposit function

Impact

User will lose funds

Code Snippet

https://github.com/sherlock-audit/2022-11-sense/blob/main/contracts/src/RollerPeriphery.sol#L59

Tool used

Manual Review

Recommendation

Do not pull money from user as this will already be taken care by vault.mint(shares, receiver))