DittoETH

Ditto
DeFi, Foundry, Oracle
55,000 USDC
Submission Details
Severity: medium
Invalid

Revert in Ditto's mint() Function Impacting withdrawDittoReward() Function

Summary

The withdrawDittoReward() function in the YieldFacet contract relies on the mint() function in the Ditto contract to create and distribute Ditto rewards to users. If the mint() function were to revert, it would prevent the withdrawDittoReward() function from successfully executing, effectively locking the Ditto rewards in the contract.

Vulnerability Details

If the .mint(...) function call were to fail and revert, the entire transaction would fail and revert as well. This means that the user would not be able to withdraw their Ditto rewards.

Impact

The potential impact of this vulnerability includes:

User Impact: Users would not be able to claim their Ditto rewards, leading to user dissatisfaction and loss of trust in the platform.

Contract State: The Ditto rewards would remain unclaimed in the contract.

Gas Costs: Users would still have to pay for gas costs for the failed transactions, leading to financial loss.

Tools Used

Manual review
This can be mitigated by using _safeMint.

Recommendations

https://solodit.xyz/issues/m-02-xc20wrapper-may-lose-received-token-forever-if-localassetxc20mint-is-reverted-indefinitely-code4rena-axelar-network-axelar-network-git

Ensure that the mint() function is robust and handles all potential error conditions appropriately.
Consider using a try/catch construct in the withdrawDittoReward() function to handle potential reverts in the mint() function.
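
The try/catch recommendation above, sketched as an added example; it is not code from the DittoETH repository or from this submission. The contract, the `IMintable` interface, the `owed` mapping and the event names are all hypothetical, since the page does not show the real `withdrawDittoReward()` or `mint()` source. The sketch zeroes the balance before the external call and restores it if the mint reverts, so a failing token contract cannot erase a user's claim.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed minimal interface; the real Ditto token signature is not shown on the page.
interface IMintable {
    function mint(address to, uint256 amount) external;
}

// Hypothetical sketch of a reward claim that tolerates a reverting mint().
contract RewardClaimSketch {
    IMintable public immutable rewardToken;
    mapping(address => uint256) public owed; // accrued, unclaimed reward per user

    event RewardClaimed(address indexed user, uint256 amount);
    event RewardMintFailed(address indexed user, uint256 amount, bytes reason);

    error NothingToClaim();

    constructor(IMintable token) {
        rewardToken = token;
    }

    // Stand-in for the real accrual logic, which is out of scope here.
    // Left unrestricted only so the sketch can be exercised in a test.
    function creditForDemo(address user, uint256 amount) external {
        owed[user] += amount;
    }

    function withdrawReward() external returns (bool minted) {
        uint256 amount = owed[msg.sender];
        if (amount == 0) revert NothingToClaim();

        // Effects before interaction: clear the balance before the external call.
        owed[msg.sender] = 0;

        // try/catch only applies to external calls, which mint() on the token is.
        try rewardToken.mint(msg.sender, amount) {
            emit RewardClaimed(msg.sender, amount);
            return true;
        } catch (bytes memory reason) {
            // The failed call's own state changes are rolled back; ours are not,
            // so restore the claim explicitly and surface the failure.
            owed[msg.sender] = amount;
            emit RewardMintFailed(msg.sender, amount, reason);
            return false;
        }
    }
}
```

With this pattern the transaction succeeds even when the mint fails, so callers and front ends must check the return value or the `RewardMintFailed` event rather than rely on a revert.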

Updates

Lead Judging Commences

0xnevi Lead Judge
almost 2 years ago
0xnevi Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Other
