BasicIssuanceModule.sol enables issuance and redemption functionality on a SetToken。One SetToken has different components; the issue is after calling the function issue(deposit) token, components may change. In this situation, the user may get fewer tokens.
Vulnerability Detail
user calls BasicIssuanceModule#issue deposit token
twcctop
high
compents may change after deposit
Summary
BasicIssuanceModule.sol enables issuance and redemption functionality on a SetToken。One SetToken has different components; the issue is after calling the function issue(deposit) token, components may change. In this situation, the user may get fewer tokens.
Vulnerability Detail
removeComponent,remove componentredeemget fewer tokenImpact
user mat gets fewer token
Code Snippet
https://github.com/sherlock-audit/2023-06-Index/blob/main/index-protocol/contracts/protocol/modules/v1/BasicIssuanceModule.sol#L144-L145
https://github.com/sherlock-audit/2023-06-Index/blob/main/index-protocol/contracts/protocol/modules/v1/BasicIssuanceModule.sol#L105
Tool used
Manual Review
Recommendation
add component data to cache,