Insufficient JUSD balance in JUSDExchange contract will prevent users to buy JUSD.
Summary
In the JUSDExchange contract, users may be unable to exchange USDC for JUSD via the buyJUSD function, should the contract not hold sufficient JUSD.
Vulnerability Detail
The JUSDExchange contract includes a buyJUSD function that transfers JUSD tokens from the contract to a user's address. If the contract does not hold enough JUSD tokens to facilitate the exchange, the transaction will fail and revert, thereby preventing the user from completing the exchange.
Impact
This issue could lead to user dissatisfaction and mistrust in the platform, as users may not be able to convert their USDC into JUSD when desired.
My recommendation is to either implement a check for sufficient JUSD balance in the contract before initiating transfers, or to establish a "mint-on-demand" functionality that comes into effect once the user has transferred the USDC.
gerdusx
medium
Insufficient JUSD balance in JUSDExchange contract will prevent users to buy JUSD.
Summary
In the JUSDExchange contract, users may be unable to exchange USDC for JUSD via the
buyJUSDfunction, should the contract not hold sufficient JUSD.Vulnerability Detail
The JUSDExchange contract includes a
buyJUSDfunction that transfers JUSD tokens from the contract to a user's address. If the contract does not hold enough JUSD tokens to facilitate the exchange, the transaction will fail and revert, thereby preventing the user from completing the exchange.Impact
This issue could lead to user dissatisfaction and mistrust in the platform, as users may not be able to convert their USDC into JUSD when desired.
Code Snippet
https://github.com/sherlock-audit/2023-04-jojo/blob/main/JUSDV1/src/Impl/JUSDExchange.sol#L41-L46
Tool used
Manual Review
Recommendation
My recommendation is to either implement a check for sufficient JUSD balance in the contract before initiating transfers, or to establish a "mint-on-demand" functionality that comes into effect once the user has transferred the USDC.