sherlock-audit / 2024-01-telcoin-judging


jah - we can't call mint function after we called burn function #222

Closed sherlock-admin2 closed 8 months ago

sherlock-admin2 commented 8 months ago

jah

high

we can't call mint function after we called burn function

Summary

The mint function will revert after we called the burn function.

Vulnerability Detail

Since the mint function uses totalSupply() to mint the tokenId, we might try to mint the same tokenId, which will cause a revert. So let's say the governance called the mint function and at that time totalSupply() was 10; then that token was minted, which means the totalSupply() will be 11. The burn function was called to burn the tokenId of 5, which will make the totalSupply back to 10, so if we ever tried to mint a token it will try to mint an already minted tokenId, which is 10.

Impact

can cause the function to stop working

Code Snippet

https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/sablier/core/CouncilMember.sol#L181

Tool used

Manual Review

Recommendation

Don't use totalSupply() as tokenId.

Duplicate of #199
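The scenario in the report above, replayed against a simplified model (an added example, not code from the CouncilMember contract or from the report's author). The class names, the `replay` helper and the counter-based variant are assumptions made for illustration; the model tracks only token ownership and total supply.

```python
class TokenExists(Exception):
    """Stands in for the revert raised when minting an id that already exists."""

class Registry:
    """Minimal model of an enumerable NFT: owners and total supply only."""
    def __init__(self):
        self.owners = {}  # token id -> owner

    def total_supply(self):
        return len(self.owners)

    def _mint(self, to, token_id):
        if token_id in self.owners:
            raise TokenExists(token_id)
        self.owners[token_id] = to

    def burn(self, token_id):
        del self.owners[token_id]

class SupplyIndexed(Registry):
    """Behaviour described in the report: next id = current total supply."""
    def mint(self, to):
        token_id = self.total_supply()
        self._mint(to, token_id)
        return token_id

class CounterIndexed(Registry):
    """Hypothetical alternative: ids come from a counter that burn never lowers."""
    def __init__(self):
        super().__init__()
        self.next_id = 0

    def mint(self, to):
        token_id = self.next_id
        self._mint(to, token_id)
        self.next_id += 1
        return token_id

def replay(registry):
    """Constructed scenario: ids 0..10 minted, id 5 burned, then one more mint."""
    for i in range(11):
        registry.mint(f"member{i}")
    registry.burn(5)
    try:
        return registry.mint("new-member")
    except TokenExists as exc:
        return f"revert: token {exc.args[0]} already minted"
```

`replay(SupplyIndexed())` ends in the collision on id 10, while `replay(CounterIndexed())` hands out id 11.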

sherlock-admin2 commented 8 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

valid because {this is valid and same with issue 109 due to the same underlying cause of poor implementation of burn function}