search

sherlock-audit / 2023-04-unitasprotocol-judging

4 stars 3 forks source link

PokemonAuditSimulator - Protocol mints fee, instead of subtracting it from the user, causing infaltion #121

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

PokemonAuditSimulator

medium

Protocol mints fee, instead of subtracting it from the user, causing infaltion

Summary

Protocol mint's fee, instead of subtracting it from the user. This increases totalsupply and inflates it for all users, not just the minter.

Vulnerability Detail

In Unitas.sol under swap the protocol calculates the fee and them mints tokens to the protocol. This is inflationary behavior that punishes all users, since it increases the totalSupply of the token. It also doesn't damage that much the original user that called swap, since his conversion is not effected.

     if (fee > 0) {
         address feeReceiver = surplusPool;
         feeToken.mint(feeReceiver, fee);
         emit SwapFeeSent(address(feeToken), feeReceiver, fee);
     }

Impact

Code Snippet

https://github.com/sherlock-audit/2023-04-unitasprotocol/blob/main/Unitas-Protocol/src/Unitas.sol#L228-L232

Tool used

Manual Review

Recommendation

The function should take out the fee from the original conversion in swapOut. Lower the amountOut, by the fee.