Cool Cream Rhino
Low/Info
Lack Of Total pTokens Minted Tracked
Summary
In the claimPTokens function of the PointTokenVault.sol contract, on lines 142-162, there is currently no mechanism to track the total number of pTokens minted for each pointsId.
https://github.com/sherlock-audit/2024-07-sense-points-marketplace/blob/main/point-tokenization-vault/contracts/PointTokenVault.sol?plain=1#L142-L162
Root Cause
Current Mechanism:
Claim Tracking: The contract uses the claimedPTokens mapping to record the amount each user has claimed per pointsId.
Minting: Upon claiming, the function calculates a mint fee and mints the net amount of pTokens to the user.
Attack Path
Attack Path:
Indirect Exploitation: While not a direct attack vector, the lack of tracking could be indirectly exploited if decisions are made based on incorrect assumptions about the total supply.
Impact
Potential Issues:
Lack of Aggregate Tracking: The absence of a total supply tracker for each pointsId complicates auditing and verifying the overall distribution of pTokens, which may be necessary for transparency or governance.
Potential for Oversight: Although not a direct security threat, the lack of aggregate tracking could lead to oversight in monitoring the total supply of pTokens, potentially affecting economic models or governance decisions.
Economic Model Risks: If the protocol depends on total supply data for economic calculations or governance, the absence of tracking could result in incorrect assumptions or decisions.
Mitigation
Mitigations:
Total Supply Tracking: Implement a mechanism to track the total number of pTokens minted for each pointsId. This can be achieved by incorporating a counter that increments with each mint operation.
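A minimal Solidity sketch of the counter described in the mitigation, added here as an illustration and not taken from PointTokenVault.sol. Claim verification is omitted, and every name other than claimPTokens, claimedPTokens and pointsId is hypothetical, as are the WAD-scaled fee rate, its round-up behaviour, and the assumption that claimedPTokens records the gross (pre-fee) amount.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only: a simplified stand-in for the vault's claim path.
contract PTokenSupplyTrackingSketch {
    uint256 public constant WAD = 1e18;
    uint256 public mintFee; // hypothetical fee rate, WAD-scaled (1e16 = 1%)

    // Per-user accounting described in the finding (assumed to hold gross amounts).
    mapping(address => mapping(bytes32 => uint256)) public claimedPTokens;
    // Added aggregate counters, one pair per pointsId.
    mapping(bytes32 => uint256) public totalPTokensMinted; // net amount minted to users
    mapping(bytes32 => uint256) public totalFeesAccrued;   // fee portion withheld at claim
    // Stand-in for the pToken balances so the sketch compiles on its own.
    mapping(bytes32 => mapping(address => uint256)) public pTokenBalance;

    event PTokensMinted(
        bytes32 indexed pointsId, address indexed account,
        uint256 net, uint256 fee, uint256 newTotalMinted
    );

    constructor(uint256 _mintFee) {
        require(_mintFee <= WAD, "fee > 100%");
        mintFee = _mintFee;
    }

    /// Claim-proof verification is omitted; a real claim function must keep it.
    function claimPTokens(bytes32 pointsId, uint256 amountToClaim) external {
        uint256 fee = (amountToClaim * mintFee + WAD - 1) / WAD; // round fee up
        uint256 net = amountToClaim - fee; // cannot underflow because mintFee <= WAD

        claimedPTokens[msg.sender][pointsId] += amountToClaim;
        totalFeesAccrued[pointsId] += fee;
        totalPTokensMinted[pointsId] += net;        // the counter the mitigation asks for
        pTokenBalance[pointsId][msg.sender] += net; // stands in for the pToken mint call

        emit PTokensMinted(pointsId, msg.sender, net, fee, totalPTokensMinted[pointsId]);
    }

    /// Gross amount claimed across all users: net minted plus fees withheld.
    function totalClaimed(bytes32 pointsId) external view returns (uint256) {
        return totalPTokensMinted[pointsId] + totalFeesAccrued[pointsId];
    }
}
```

Keeping the net and fee totals separate lets an auditor check that the sum of all users' claimedPTokens entries for a pointsId equals totalClaimed(pointsId).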