The Standard
The Standard
DeFiHardhat
20,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

[M-01] The `SmartVaultV3::mint` function has an error in the parameter passed to the `fullyCollateralised()` function, significantly impairing the functionality of the protocol.

0x996

Description:

  1. The require statement in the SmartVaultV3::mint function is incorrect due to an error in the parameter passed to the fullyCollateralised() function. In the code require(fullyCollateralised(_amount + fee), UNDER_COLL);, it should check whether the Smart Vault remains adequately collateralized after minting the _amount of EUROs. Therefore, the fee (fee) should not be added to the quantity checked.

  2. The code minted = minted + _amount + fee; also has a problem. Since minted is updating the quantity, the fee parameter should not be added.

Impact:

Incorrect parameter passed to the fullyCollateralised() function and incorrect updating of minted result in unexpected behavior when the owner calls the mint function. This significantly impairs the functionality of the protocol.

Recommended Mitigation:

The correct code should be:

- require(fullyCollateralised(_amount + fee), UNDER_COLL);
+ require(fullyCollateralised(_amount), UNDER_COLL);
- minted = minted + _amount + fee;
+ minted = minted + _amount;
Updates

Lead Judging Commences

hrishibhat Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

informational/invalid

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.