sherlock-audit / 2024-02-telcoin-platform-audit-update-judging


turvec - Doesn't check if the target and origin tokens to be swapped are the same, causing inaccurate minting of the stablecoin #70

Closed sherlock-admin2 closed 8 months ago

sherlock-admin2 commented 8 months ago

turvec

medium

Doesn't check if the target and origin tokens to be swapped are the same, causing inaccurate minting of the stablecoin

Summary

Doesn't check if the target and origin tokens to be swapped are the same, causing inaccurate minting of the stablecoin

Vulnerability Detail

The convertToEXYZ function transfers the asset to be converted and then mints the equivalent stablecoin:

ERC20PermitUpgradeable(ss.origin).safeTransferFrom(
    wallet,
    safe,
    ss.oAmount
);
Stablecoin(ss.target).mintTo(ss.destination, ss.tAmount);

However, if the target and origin tokens to be swapped are the same, it will cause more unmatched minting of the same stablecoin to be in circulation.

Impact

Inaccurate minting and inflation of the stablecoin

Code Snippet

https://github.com/sherlock-audit/2024-02-telcoin-platform-audit-update/blob/main/telcoin-contracts/contracts/stablecoin/StablecoinHandler.sol#L141-L157

Tool used

Manual Review

Recommendation

Check that the target and origin tokens provided are never the same.
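
A sketch of the recommended check, added here as an example; it is not part of the original report or of the audited contract. The contract name, the minimal interfaces, the struct layout, the `operator` role and the error names are assumptions; only the `ss.*` field names, `wallet` and `safe` come from the quoted snippet.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal interfaces assumed for this sketch. The quoted snippet uses
// ERC20PermitUpgradeable with safeTransferFrom and a Stablecoin type instead.
interface IERC20Minimal {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

interface IMintableMinimal {
    function mintTo(address to, uint256 amount) external;
}

// Hypothetical contract; not the project's StablecoinHandler.
contract GuardedConvertSketch {
    // Field names mirror the `ss.*` accesses in the report; the layout is assumed.
    struct SwapParams {
        address destination;
        address origin;
        uint256 oAmount;
        address target;
        uint256 tAmount;
    }

    error NotOperator();
    error SameToken(address token);
    error TransferFailed();

    address public immutable operator; // stands in for the trusted role (assumed)
    address public immutable safe;     // where origin tokens are collected (assumed)

    constructor(address operator_, address safe_) {
        operator = operator_;
        safe = safe_;
    }

    function convertGuarded(address wallet, SwapParams calldata ss) external {
        if (msg.sender != operator) revert NotOperator();

        // Recommended check: reject a swap whose origin and target are the
        // same token before any transfer or mint takes place.
        if (ss.origin == ss.target) revert SameToken(ss.origin);

        // Tokens that return no value need a SafeERC20-style wrapper instead.
        if (!IERC20Minimal(ss.origin).transferFrom(wallet, safe, ss.oAmount)) {
            revert TransferFailed();
        }
        IMintableMinimal(ss.target).mintTo(ss.destination, ss.tAmount);
    }
}
```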

sherlock-admin2 commented 8 months ago

2 comment(s) were left on this issue during the judging contest.

WangAudit commented:

convertToEXYZ is called only by a trusted role + looks like a design decision and works as intended

takarez commented:

invalid