A user can reenter the mint function and pay the "fee" once instead of twice
The mint function does not check whether the "_to" address is a contract, and it has no reentrancy guard to stop a user from reentering it.
Because of the order of operations in the mint function, a user can reenter it after this line is executed:
"EUROs.mint(_to, _amount);"
and before execution reaches this line:
"EUROs.mint(ISmartVaultManagerV3(manager).protocol(), fee);"
By the time the second line runs, the mint function has already been reentered and the first "fee" has been overwritten by the reentrant call, so the value used is the fee of the second call. As a result, the user does not pay the fee for the first mint, only the fee for the second one.
A user can maximize this by minting a large amount in the first call (knowing the fee will be overwritten by the second call) and then minting a small amount in the reentrant second call, so only a small fee is paid. The fee charged depends on the quantity minted.
This attack is only possible if the user has enough collateral to cover the minted amounts.
Impact: users can avoid paying the protocol fee when minting.
Tools used: manual review.
Recommended mitigation: I suggest using the OpenZeppelin reentrancy guard (the nonReentrant modifier) on the mint function.
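The following is an added illustration of the recommended mitigation; it is not the project's code and not part of the finding. It places the mint ordering the finding describes (external calls to EUROs.mint before the vault's own accounting is settled) next to a hardened version that applies OpenZeppelin's ReentrancyGuard and the checks-effects-interactions order. The IEUROs and ISmartVaultManagerV3 interfaces are assumptions reconstructed from the two calls quoted above; mintFeeRate(), HUNDRED_PC(), minted and maxMintable are hypothetical names used only to make the example compile.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the project's code. Interface members below are assumed
// from the calls quoted in the finding (EUROs.mint, manager.protocol()).
import "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

interface IEUROs {
    function mint(address to, uint256 amount) external;
}

interface ISmartVaultManagerV3 {
    function protocol() external view returns (address);
    function mintFeeRate() external view returns (uint256); // assumed name
    function HUNDRED_PC() external view returns (uint256);  // assumed name
}

// Shape described by the finding: external calls happen before the vault's
// accounting is updated and nothing blocks a reentrant call.
contract SmartVaultAsDescribed {
    IEUROs public immutable EUROs;
    address public immutable manager;
    uint256 public minted;      // hypothetical accounting field
    uint256 public maxMintable; // hypothetical stand-in for the collateral check

    constructor(address _euros, address _manager, uint256 _maxMintable) {
        EUROs = IEUROs(_euros);
        manager = _manager;
        maxMintable = _maxMintable;
    }

    function mint(address _to, uint256 _amount) external {
        ISmartVaultManagerV3 m = ISmartVaultManagerV3(manager);
        uint256 fee = _amount * m.mintFeeRate() / m.HUNDRED_PC();
        require(minted + _amount + fee <= maxMintable, "undercollateralised");
        EUROs.mint(_to, _amount);       // control may leave the vault here
        EUROs.mint(m.protocol(), fee);  // fee minted after the external call
        minted += _amount + fee;        // accounting settled last
    }
}

// Hardened version: nonReentrant rejects any reentrant call into mint(), and
// the accounting is updated before any external call so a reentry (even if it
// were possible through another function) sees the already-charged state.
contract SmartVaultHardened is ReentrancyGuard {
    IEUROs public immutable EUROs;
    address public immutable manager;
    uint256 public minted;
    uint256 public maxMintable;

    constructor(address _euros, address _manager, uint256 _maxMintable) {
        EUROs = IEUROs(_euros);
        manager = _manager;
        maxMintable = _maxMintable;
    }

    function mint(address _to, uint256 _amount) external nonReentrant {
        ISmartVaultManagerV3 m = ISmartVaultManagerV3(manager);
        // Checks
        uint256 fee = _amount * m.mintFeeRate() / m.HUNDRED_PC();
        uint256 newMinted = minted + _amount + fee;
        require(newMinted <= maxMintable, "undercollateralised");
        // Effects: both the principal and the fee are recorded first
        minted = newMinted;
        // Interactions: external calls last; a reentrant mint() reverts
        EUROs.mint(_to, _amount);
        EUROs.mint(m.protocol(), fee);
    }
}
```

The guard alone closes the path the finding describes; moving the accounting update ahead of the external calls is the belt-and-braces part, so that the fee for the first mint is already committed to storage before any callee runs.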