Closed sherlock-admin closed 8 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid
Invalid, seemingly duplicate of #190, but fails to identify the root cause and impact of a bypass of minimum checks for a standard first depositor inflation bug
takarez
medium
MIN_LIQUIDITY can be lower than intended
Summary
The MIN_LIQUIDITY variable here can be lower than what's written.
Vulnerability Detail
The MIN_LIQUIDITY is a constant variable that is meant to be constant and not change. The comment there says that:
which means that the totalSupply should not be lower than that amount.
The MIN_LIQUIDITY was checked in the executeDeposit function to ensure that the minted amount is not lower than the MIN_LIQUIDITY:
The issue here is that the same check is not in place during withdrawal, and the withdraw amount was directly passed in to the _burn function, allowing the totalSupply to be lower than the MIN_LIQUIDITY.
Impact
The impact here is that the totalSupply can be lower than the said MIN_LIQUIDITY that should always be the minimum allowed, as the comment says.
Code Snippet
https://github.com/sherlock-audit/2023-12-flatmoney/blob/bba4f077a64f43fbd565f8983388d0e985cb85db/flatcoin-v1/src/StableModule.sol#L30
Tool used
Manual Review
Recommendation
The sponsor confirmed to me that:
it should be removed then, and the same check in the executeDeposit should also be removed.
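The asymmetry the report describes, as an added Python model of the share accounting (not the Flatcoin contract and not the reporter's code). It replays a sequence of operations and records the steps after which the supply sits below the minimum, with and without a mirrored check on withdrawal. Assumptions: the value of MIN_LIQUIDITY, the `check_on_withdraw` switch, the `replay` helper, and treating a zero supply as exempt are all illustrative.

```python
MIN_LIQUIDITY = 10_000  # constructed value; the page does not state the constant

class Revert(Exception):
    """Stands in for a Solidity revert."""

class StableModel:
    """Hypothetical model of share accounting: deposits mint, withdrawals burn."""
    def __init__(self, check_on_withdraw=False):
        self.total_supply = 0
        self.balances = {}
        self.check_on_withdraw = check_on_withdraw  # hypothetical switch

    def execute_deposit(self, account, minted):
        # Check the report describes: minted amount not lower than MIN_LIQUIDITY.
        if minted < MIN_LIQUIDITY:
            raise Revert("deposit below MIN_LIQUIDITY")
        self.balances[account] = self.balances.get(account, 0) + minted
        self.total_supply += minted

    def execute_withdraw(self, account, amount):
        if amount > self.balances.get(account, 0):
            raise Revert("burn exceeds balance")
        remaining = self.total_supply - amount
        # Mirrored check (assumption): zero is exempt so the last holder can exit.
        if self.check_on_withdraw and 0 < remaining < MIN_LIQUIDITY:
            raise Revert("supply would fall below MIN_LIQUIDITY")
        self.balances[account] -= amount
        self.total_supply = remaining

def replay(model, ops):
    """Apply (kind, account, amount) ops; return (violating, reverted) step indices."""
    violations, reverted = [], []
    for i, (kind, account, amount) in enumerate(ops):
        try:
            getattr(model, "execute_" + kind)(account, amount)
        except Revert:
            reverted.append(i)
            continue
        if 0 < model.total_supply < MIN_LIQUIDITY:
            violations.append(i)
    return violations, reverted

# Constructed sequence: one valid deposit, a partial withdrawal, then the rest.
SAMPLE_OPS = [("deposit", "alice", 10_000), ("withdraw", "alice", 9_999),
              ("withdraw", "alice", 1)]

if __name__ == "__main__":
    print(replay(StableModel(), SAMPLE_OPS))                        # unchecked burn
    print(replay(StableModel(check_on_withdraw=True), SAMPLE_OPS))  # mirrored check
```

With the mirrored check, both partial withdrawals in the sample revert, and only a full exit that takes the supply to zero goes through.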