Attacker can frontrun and mint user's token to his address
Summary
Attacker can frontrun and mint user's token to his address by The absorb function in PToken.sol contract
Vulnerability Detail
The absorb function allows the contract to mint tokens for a specified user based on the difference between the contract's token balance and the total supply of tokens. It calculates the amount of tokens to be minted and then mints them for the specified user.
But as it is a Public function and take input of the address where the tokens are going to be minted . This logic can be manipulated by a malicious user who monitors the contract and takes advantage of any gaps between the balance and the total supply. This can lead to unauthorized minting of tokens, causing potential harm to the user who deposited the actual tokens.
0xMosh
high
Attacker can frontrun and mint user's token to his address
Summary
Attacker can frontrun and mint user's token to his address by The
absorbfunction inPToken.solcontractVulnerability Detail
The
absorbfunction allows the contract to mint tokens for a specified user based on the difference between the contract's token balance and the total supply of tokens. It calculates the amount of tokens to be minted and then mints them for the specified user. But as it is a Public function and take input of the address where the tokens are going to be minted . This logic can be manipulated by a malicious user who monitors the contract and takes advantage of any gaps between the balance and the total supply. This can lead to unauthorized minting of tokens, causing potential harm to the user who deposited the actual tokens.Impact
This will cause loss of funds for users .
Code Snippet
https://github.com/sherlock-audit/2023-05-ironbank/blob/main/ib-v2/src/protocol/token/PToken.sol#L63
Tool used
Manual Review
Recommendation
Reimpliment the code as follows ,