search

sherlock-audit / 2024-02-telcoin-platform-audit-update-judging

3 stars 1 forks source link

Nyxaris - Unvalidated Burn Operation from Zero Address in swapAndSend Function #12

Closed sherlock-admin2 closed 8 months ago

sherlock-admin2 commented 8 months ago

Nyxaris

medium

Unvalidated Burn Operation from Zero Address in swapAndSend Function

Summary

The swapAndSend function lacks a check for the zero address on the wallet parameter before burning tokens

Vulnerability Detail

The function attempts to burn tokens from the wallet address without validating that it is not the zero address (address(0)). This could lead to unintended behavior if the Stablecoin contract's burnFrom function does not include a check to prevent such an action.

Impact

If the Stablecoin contract's burnFrom function allows for burning from the zero address, this could lead to an unwarranted reduction in the total supply of the stablecoin, as tokens could be burned from an address that should not hold any tokens. This could undermine the integrity of the token's supply management and potentially be exploited to manipulate the token's metrics or trigger unexpected behavior in other parts of the system that rely on accurate supply calculations.

Code Snippet

code

 /**
     * @notice Swaps and sends stablecoins according to specified parameters, enforcing role and pause state.
     * @dev Only callable by addresses with the SWAPPER_ROLE and when the contract is not paused.
     * @param wallet The wallet address from which tokens will be burned.
     * @param ss The stablecoin swap details, including source, target, and amounts.
     */
    function swapAndSend(
        address wallet,
        StablecoinSwap memory ss
    ) public virtual whenNotPaused nonZero(ss) onlyRole(SWAPPER_ROLE) {
        if (
            Stablecoin(ss.origin).totalSupply() - ss.oAmount <
            getMinLimit(ss.origin)
        ) revert InvalidMintBurnBoundry(ss.origin);

        if (
            Stablecoin(ss.target).totalSupply() + ss.tAmount >
            getMaxLimit(ss.target)
        ) revert InvalidMintBurnBoundry(ss.target);

        Stablecoin(ss.origin).burnFrom(wallet, ss.oAmount);
        Stablecoin(ss.target).mintTo(ss.destination, ss.tAmount);
    }

Tool used

Manual Review

Recommendation

Implement a check to ensure that wallet is not the zero address before calling burnFrom. 

 function swapAndSend(
        address wallet,
        StablecoinSwap memory ss
    ) public virtual whenNotPaused nonZero(ss) onlyRole(SWAPPER_ROLE) {
+     require(wallet != address(0),"Wallet Cannot be Zero address");

        if (
            Stablecoin(ss.origin).totalSupply() - ss.oAmount <
            getMinLimit(ss.origin)
        ) revert InvalidMintBurnBoundry(ss.origin);

        if (
            Stablecoin(ss.target).totalSupply() + ss.tAmount >
            getMaxLimit(ss.target)
        ) revert InvalidMintBurnBoundry(ss.target);

        Stablecoin(ss.origin).burnFrom(wallet, ss.oAmount);
        Stablecoin(ss.target).mintTo(ss.destination, ss.tAmount);
    }
sherlock-admin3 commented 8 months ago

1 comment(s) were left on this issue during the judging contest.

WangAudit commented:

zero address validation is invalid under Sherlock's rules