If the transferFrom call fails during the _mint operation:
User Impact: The user who initiated the minting will not have their tokens transferred, but the contract will still issue shares. This means the user gets shares without actually providing the underlying tokens.
Contract Impact: The balanceOf and totalSupply for the shares will increase inaccurately. The contract's perceived holdings of the underlying token will not match the actual token balance.
Scenario 2: Transfer Fails During Burning
If the transfer call fails during the _burn operation:
User Impact: The user who initiated the burning will have their shares burned, but the underlying tokens will not be transferred back to them. They effectively lose their shares without receiving the equivalent value in tokens.
Contract Impact: The balanceOf and totalSupply for the shares will decrease, but the actual tokens will still be in the contract. This can lead to a build-up of tokens in the contract that do not correspond to any issued shares.
pwning_dev
Medium
unchecked transfers in the
_mint
and_burn
functionspwning_dev
Summary
Vulnerability Detail
In the
_mint
function, the transferFrom method of the nst token is called without checking its return value:In the
_burn
function, the transfer method of the nst token is called without checking its return value:Impact
Scenario 1: Transfer Fails During Minting
If the transferFrom call fails during the _mint operation:
Scenario 2: Transfer Fails During Burning
If the transfer call fails during the _burn operation:
balanceOf
andtotalSupply
for the shares will decrease, but the actual tokens will still be in the contract. This can lead to a build-up of tokens in the contract that do not correspond to any issued shares.Code Snippet
https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/main/sdai/src/SNst.sol#L284C5-L324C1
Tool used
Manual Review
Recommendation
_mint
Function with Checked Transfer_burn
Function with Checked Transfer