The contract RioLRT allows the RioLRTcoordinator to mint 0 token.
Summary
In the mint function of the RioLRT contract, there is no check to ensure that the mint amount is greater than zero. As a result, the coordinator can invoke the mint function with a zero amount, resulting in a transaction that consumes gas without any actual minting of tokens.
Vulnerability Detail
This vulnerability allows RioLRTcoordinator to mint 0 token. Which add unnecessary tx on blockchain, waste gas by invoking the mint function with zero mint amount.
Proof Of Concept
The below test case shows how coordinator can mint 0 token amount.
function test_mint() public {
uint256 initialSupply = token.totalSupply();
vm.prank(address(reETH.coordinator));
token.mint(address(42), 0);
console.log("Token balance of user is:", token.balanceOf(address(42)));
assertEq(token.balanceOf(address(42)), 0);
}
Output:-
[PASS] test_mint() (gas: 41524)
Logs:
Token balance of user is: 0
Impact
This vulnerability allows the coordinator to waste gas by invoking the mint function with zero as the mint amount, leading to unnecessary transaction costs.
Add a check in the mint function to ensure that the mint amount is greater than zero before proceeding with the minting operation.
/// @notice Mint `amount` tokens to the specified address.
/// @param to The address to mint tokens to.
/// @param amount The amount of tokens to mint.
function mint(address to, uint256 amount) external onlyCoordinator {
+ require(amount > 0, "Amount to mint must be greater than zero");
_mint(to, amount);
}
0xKartikgiri00
medium
The contract
RioLRT
allows theRioLRTcoordinator
to mint 0 token.Summary
In the mint function of the RioLRT contract, there is no check to ensure that the mint amount is greater than zero. As a result, the coordinator can invoke the mint function with a zero amount, resulting in a transaction that consumes gas without any actual minting of tokens.
Vulnerability Detail
This vulnerability allows
RioLRTcoordinator
to mint 0 token. Which add unnecessary tx on blockchain, waste gas by invoking the mint function with zero mint amount.Proof Of Concept
The below test case shows how coordinator can mint 0 token amount.
Output:-
Impact
This vulnerability allows the coordinator to waste gas by invoking the mint function with zero as the mint amount, leading to unnecessary transaction costs.
Code Snippet
https://github.com/sherlock-audit/2024-02-rio-network-core-protocol/blob/main/rio-sherlock-audit/contracts/restaking/RioLRT.sol#L55
Tool used
Manual Review, Foundry
Recommendation
Add a check in the mint function to ensure that the mint amount is greater than zero before proceeding with the minting operation.