Submission Details
Severity:
If User want to burn his all `EUROs` token then transaction revert.
Summary
Vulnerability Details
function burn(uint256 _amount) external ifMinted(_amount) {
uint256 fee = _amount * ISmartVaultManagerV3(manager).burnFeeRate() / ISmartVaultManagerV3(manager).HUNDRED_PC();
minted = minted - _amount;
EUROs.burn(msg.sender, _amount); // @audit-issue if user burn all its token tx revert
IERC20(address(EUROs)).safeTransferFrom(msg.sender, ISmartVaultManagerV3(manager).protocol(), fee);
emit EUROsBurned(_amount, fee);
}
To burn EURO user must have extra EUROs to pay gas (burn fee)
But If User try to burn all his EUROs in that case Tx revert as there no more EUROs to pay fee.
Its recommended that fee should deducted from inputed _amount and remaining EUROs burned. So that it will not reverted when User want to Burn all his EUROs
Impact
Total burning of EURO will not work for User
Tools Used
Manual Review
Recommendations
There should mechanism where burnFeeColleted should reduced from input _amount and remaining _amount - burnFee get burned. In this way if a user want to burn all his EURo its get sucessful without revert.
Updates
Lead Judging Commences
hrishibhat over 1 year ago
Submission Judgement Published Reason: Design choice
Assigned finding tags:
fee-loss
Prize pool breakdown
Total prize
20,000 USDC
nSLOC
60933
USDC / LOC
17,500 USDC
2,500 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.