Closed sherlock-admin closed 1 year ago
This contract is meant to be used only on sidechains and not on rollups and there's no risk to users, hence disputing the severity as low / informational. Re conflicting burn mechanisms - there are pros and cons for this approach, depending how these tokens are used
Agree with sponsors explanation. I think it should keep as low severity
josephdara
high
Conflicting Burn Mechanisms
Summary
The Ajna token has conflicting method which could potentially ruin the accounting mechanism adopted by the protocol. The
AjnaToken.sol
implements theERC20Burnable
as well as a seperatelyBurnWrappedAjna
Vulnerability Detail
The AjnaToken already implements burnability of tokens by the owner or an approved address. This burns the Tokens and reduces the total supply. The BurnWrappedAjna however implements a burnable wrapper for ajna, which locks the tokens deposited in the contract forever . See
It also mints a burnWrapped token for the protocol when tokens are deposited. But Ajna tokens in this contract can never be burnt (Only the wrapped tokens can be burnt), therefore BurnWrapping your tokens do not decrease the ajna token total supply.
Impact
This leads to conflicting TVLs, token permanently locked and other unintended outcomes
Code Snippet
https://github.com/sherlock-audit/2023-04-ajna/blob/main/ajna-grants/src/token/AjnaToken.sol#L11-L15
ERC20Burnable.sol
we havehttps://github.com/sherlock-audit/2023-04-ajna/blob/main/ajna-grants/src/token/BurnWrapper.sol#L9-L19 https://github.com/sherlock-audit/2023-04-ajna/blob/main/ajna-grants/src/token/BurnWrapper.sol#L56-L58
Tool used
Manual Review
Recommendation
Use only one burning mechanism to achieve the results specified in the white paper