Possible Loss of Token Due to Lack of Balance check in burn() fucntion

Summary

If a user calls the burn function with an amount equal to their entire token balance, they would end up with a zero balance for that token. This is because the burn function reduces the balance of the caller's address by the specified amount and at the same time, it doesn't check that the user has enough balance to burn

Vulnerability Detail

Scenario:

The user calls the burn function with their entire token balance as the amount.

The burn function in the contract attempts to decrease the balance of the user's address by amount. Since the amount is equal to the user's entire token balance, this operation succeeds.

The burn function then reduces the total supply of tokens by amount.

The user's address now has a balance of zero for that token.

Impact

This could be particularly problematic if the user holds other tokens that rely on the token they just burnt. For example, if the user is holding tokens for staking or governance voting rights, burning these tokens could affect their ability to participate in these activities.

Code Snippet

https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar%2Fpackages%2Fcontracts%2Fsrc%2Fdollar%2Fcore%2FERC20Ubiquity.sol#L142-L145

Tool used

Manual Review Vs code

Recommendation

To mitigate this risk, it's recommended to add a mechanism that prevents users from burning more tokens than they own. This could be done by checking the user's balance before allowing them to call the burn function.

sherlock-admin2 commented 9 months ago

1 comment(s) were left on this issue during the judging contest.

auditsea commented:

Makes no sense, seems AI generated