While minting in RollerPeriphery.sol#L59, user transfer the amount to RollerPeriphery. But seems like vault.mint(shares, receiver) will also be transferring from user, making user to pay double
As we can see the fund are transferred to this contract and then ERC4626 function vault.mint(shares, receiver)) is called which again ask user to transfer funds, making double payment
csanuragjain
medium
User has to pay twice
Summary
While minting in RollerPeriphery.sol#L59, user transfer the amount to RollerPeriphery. But seems like vault.mint(shares, receiver) will also be transferring from user, making user to pay double
Vulnerability Detail
mint
functionAs we can see the fund are transferred to this contract and then ERC4626 function
vault.mint(shares, receiver))
is called which again ask user to transfer funds, making double paymentThis also need to be fixed for
deposit
functionImpact
User will lose funds
Code Snippet
https://github.com/sherlock-audit/2022-11-sense/blob/main/contracts/src/RollerPeriphery.sol#L59
Tool used
Manual Review
Recommendation
Do not pull money from user as this will already be taken care by vault.mint(shares, receiver))