The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: low
Invalid

It is possible to mint and burn 0 EUROs

Summary

In the contract SmartVaultV3, it is possible to call the mint() and burn() functions with the _amount argument set to 0.

Vulnerability Details

The mint() and burn() functions do not check whether the _amount argument is greater than 0.

Impact

Even though no tokens will be effectively minted, emitting fake EUROsMinted and EUROsBurned events could be misleading.

Proof of Concept

You can add the following JavaScript test to the smartVaultManager.js test file and observe that events are emitted:

// Zero-amount mint: the call does not revert and EUROsMinted is still emitted.
it('can mint with 0 tokens', async () => {
  const vault = await ethers.getContractAt('SmartVaultV3', vaultAddress);
  const zeroMint = await vault.connect(user).mint(user.address, 0);
  await expect(zeroMint).not.to.be.reverted;
  // Event arguments: recipient, amount (0), fee (0).
  await expect(zeroMint).to.emit(vault, 'EUROsMinted').withArgs(user.address, 0, 0);
});

// Zero-amount burn: the call does not revert and EUROsBurned is still emitted.
it('can burn 0 tokens', async () => {
  const vault = await ethers.getContractAt('SmartVaultV3', vaultAddress);
  const zeroBurn = await vault.connect(user).burn(0);
  await expect(zeroBurn).not.to.be.reverted;
  // Event arguments: amount (0), fee (0).
  await expect(zeroBurn).to.emit(vault, 'EUROsBurned').withArgs(0, 0);
});

Tools Used

Manual analysis and Hardhat test.

Recommendations

It is recommended to add a check to verify that _amount is greater than 0.
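
One way to implement the recommended check, shown as an added sketch that is not part of the original submission and is not the SmartVaultV3 source. The contract name, the ZeroAmount error, the fee constants and the `minted` counter are assumptions; access control and token transfers are left out so that only the guard and the two events are in view.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration only: a stripped-down stand-in, NOT the SmartVaultV3 code.
// Event shapes follow the arguments asserted in the PoC tests above; the fee
// arithmetic, FEE_RATE and HUNDRED_PC are assumptions made for this sketch.
contract ZeroAmountGuardSketch {
    uint256 public constant HUNDRED_PC = 100_000; // assumed fee denominator
    uint256 public constant FEE_RATE = 500;       // assumed fee rate (0.5%)
    uint256 public minted;                        // stand-in for vault debt

    event EUROsMinted(address to, uint256 amount, uint256 fee);
    event EUROsBurned(uint256 amount, uint256 fee);

    error ZeroAmount();

    // Reject zero-value calls before any state change or event emission,
    // so no EUROsMinted / EUROsBurned log with amount 0 can be produced.
    modifier nonZero(uint256 _amount) {
        if (_amount == 0) revert ZeroAmount();
        _;
    }

    function mint(address _to, uint256 _amount) external nonZero(_amount) {
        uint256 fee = (_amount * FEE_RATE) / HUNDRED_PC;
        minted += _amount + fee;
        emit EUROsMinted(_to, _amount, fee);
    }

    function burn(uint256 _amount) external nonZero(_amount) {
        uint256 fee = (_amount * FEE_RATE) / HUNDRED_PC;
        minted -= _amount; // reverts on underflow under Solidity 0.8 checks
        emit EUROsBurned(_amount, fee);
    }
}
```

With a guard like this in place, the two proof-of-concept calls revert, so a regression test would assert a revert in place of `not.to.be.reverted`.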

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

fee-loss

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
