sherlock-admin4
commented
6 months ago 1 comment(s) were left on this issue during the judging contest.
WildSniper commented:
no impact at all(just a feature request)
Closed sherlock-admin2 closed 6 months ago
sherlock-admin4
commented
6 months ago 1 comment(s) were left on this issue during the judging contest.
WildSniper commented:
no impact at all(just a feature request)
tpiliposian
high
Lack of Tracking for Redeemed mTBILL Tokens in RedemptionVault Contract
Summary
The
RedemptionVault.solcontract does not track the redemption ofmTBILLtokens by users, which leads to an incomplete record of user balances and activities. This issue can result in discrepancies between the amount deposited and the amount redeemed by users.Vulnerability Detail
In the
DepositVault.solcontract, thetotalDepositedmapping tracks the total amount deposited by each user:However, the
RedemptionVault.solcontract does not update this mapping whenmTBILLtokens are redeemed. As a result, there is no record of the amount of mTBILL tokens that have been redeemed by each user. This lack of tracking can lead to issues in accurately determining user balances and can cause inconsistencies in the system's overall accounting.Impact
The lack of tracking for redeemed
mTBILLtokens can lead to inaccurate user balance records, causing potential disputes and confusion in calculations.Code Snippet
https://github.com/sherlock-audit/2024-05-midas/blob/main/midas-contracts/contracts/RedemptionVault.sol#L61-L77
Tool used
Manual Review
Recommendation
Implement a mechanism to update the
totalDepositedmapping in theDepositVault.solcontract whenmTBILLtokens are redeemed.