Closed sherlock-admin2 closed 5 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid
Invalid, in _mintTo()
, _setMintUnlockTime()
is only executed after _lock()
is executed where lockedAmount
has already been incremented here
alexzoid
medium
Mint Points Reverts When Locked Amount Less Than Mint Amount
Summary
Minting points process is disrupted when a user has fewer points than the amount intended to mint.
Vulnerability Detail
There is an underflow issue when
mintAmount
exceedslockedAmount
. This situation occurs when a user attempts to mint more tokens than currently locked, leading to a revert.https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/PointsModule.sol#L142-L155
Complicating the issue, the
PointsModule._setMintUnlockTime
function is indirectly called during critical operations like executing a pending order viaDelayedOrder.executeOrder()
and opening leverage withLeverageModule.executeOpen()
.Impact
This is a medium-severity issue because it disrupts core functionalities such as deposit execution and leverage opening due to the minting points function reverting when a user's existing points are fewer than the mint amount.
Code Snippet
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/PointsModule.sol#L150
Tool used
Manual Review
Recommendation
Implement a check to ensure the user's locked points are greater than or equal to the mint amount: