DittoETH

Summary

The withdrawAsset() function in the VaultFacet contract is designed to allow users to withdraw their ERC20 tokens from the contract. However, the function currently uses the mint() method of the ERC20 token to provide the withdrawn tokens to the user.

Vulnerability Details

The mint() function is typically used to create new tokens and add them to the total supply. In most ERC20 token contracts, this function is restricted to certain roles (like an owner or minter role) for controlling the supply of the tokens.

Impact

If the ERC20 token doesn't have a mint() function or if the contract doesn't have the necessary role to call it, the withdrawAsset() function will fail. This could lock the users' funds in the contract, as they wouldn't be able to withdraw their tokens.

Tools Used

Manual review

Recommendations

Instead of using mint(), it would be more appropriate to use the transfer() or safeTransferFrom() function. These functions are standard parts of the ERC20 interface and are used to move tokens from one account to another. They don't create new tokens, but rather move existing ones. This would require the contract to hold the tokens in its own balance, which could be done through a deposit or similar function.
Please review and consider revising the withdrawAsset() function to use transfer() or safeTransferFrom() instead of mint()

import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// ...

using SafeERC20 for IERC20;

// ...

function withdrawAsset(address asset, uint104 amount)
external
onlyValidAsset(asset)
nonReentrant
{
if (amount == 0) revert Errors.PriceOrAmountIs0();

STypes.AssetUser storage AssetUser = s.assetUser[asset][msg.sender];
if (amount > AssetUser.ercEscrowed) revert Errors.InsufficientERCEscrowed();

AssetUser.ercEscrowed -= amount;
IERC20(asset).safeTransfer(msg.sender, amount);

}