search

sherlock-audit / 2023-01-uxd-judging

3 stars 1 forks source link

sach1r0 - `localMintAmount` could be incorrect than the actual amount #432

Closed github-actions[bot] closed 1 year ago

github-actions[bot] commented 1 year ago

sach1r0

medium

localMintAmount could be incorrect than the actual amount

Summary

The mint and burn function in the UXDToken.sol changes the state of the localMintAmount before calling other functions that might revert when the controller accidentally inputs incorrect parameters.

Vulnerability Detail

localMintAmount could be incorrect when the controller calling the mint and burn functions accidentally or maliciously inputs parameters that causes a revert.

Impact

Could lead to localMintAmount value be incorrect which will cause discrepancy in the actual tokenomics.

Code Snippet

https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/core/UXDToken.sol#L72-L77 https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/core/UXDToken.sol#L83-L90

Tool used

Vim and Manual Review

Recommendation

I recommend changing the localMintAmount state after calling the other functions.

function mint(address account, uint256 amount) external onlyController {
    _checkLocalMint();
    localMintAmount += amount;
    _mint(account, amount);
    emit Minted(account, amount);
}