Severity: medium
Valid

Incorrect Mint amount in 'Streets__unstake'

Summary

In 'Streets__unstake', if the number of days staked is more than 1, users earn credTokens (max 4 per day). The problem is that the contract sends 1 / 1e18 of a token to the user who staked, not 1 token.

PoC

Run this test with Foundry:

    function test_unstake_IncorrectMintAmount() public {
        // The owner sets the Streets contract in credToken and oneShotContract
        vm.startPrank(owner);
        credToken.setStreetsContract(address(streetsContract));
        oneShotContract.setStreetsContract(address(streetsContract));
        vm.stopPrank();

        address randomAddress = address(12136);
        vm.startPrank(randomAddress);
        for (uint256 i = 0; i <= 1000; i++) {
            oneShotContract.mintRapper(); // the user mints 1001 NFTs in total over the loop
            oneShotContract.approve(address(streetsContract), i); // the user approves this NFT to the Streets contract
            streetsContract.stake(i); // the user stakes the NFT
            vm.warp(block.timestamp + 86500); // skip just over 1 day so that 1 token is due
            streetsContract.unstake(i); // the user unstakes the NFT
            // The user should have gained 1 whole token per unstake, but each unstake mints only
            // 1 / 10 ** decimals (1e18) of a token, so practically nothing
            assertNotEq(credToken.balanceOf(randomAddress), (i + 1) * 10 ** credToken.decimals());
        }
    }

Impact

When users unstake their tokens, they will get basically nothing!

Tools Used

Manual Review, Foundry

Recommendations

Do not use '1' in the mint function; use '1e18' instead.
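
The recommendation as a before/after sketch. This is an added example, not the audited Streets or CredToken code: MiniCred, RewardSketch and all of their functions are hypothetical stand-ins, and the reward is simplified to one token per full day staked.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical stand-in for an 18-decimal ERC20 reward token (not the audited CredToken).
contract MiniCred {
    uint8 public constant decimals = 18;
    mapping(address => uint256) public balanceOf; // stored in base units

    // Access control omitted to keep the sketch short.
    function mint(address to, uint256 amount) external {
        balanceOf[to] += amount;
    }
}

// Hypothetical stand-in for the staking contract's reward path.
contract RewardSketch {
    MiniCred public immutable cred;
    mapping(address => uint256) public stakedAt;

    constructor(MiniCred cred_) {
        cred = cred_;
    }

    function stake() external {
        stakedAt[msg.sender] = block.timestamp;
    }

    // Full days elapsed since stake(); integer division drops partial days.
    function daysStaked(address user) public view returns (uint256) {
        return (block.timestamp - stakedAt[user]) / 1 days;
    }

    // Before: the day count is passed as a raw amount, so each day mints 1 base unit.
    function unstakeBuggy() external {
        cred.mint(msg.sender, daysStaked(msg.sender));
    }

    // After: whole tokens are scaled to base units before minting.
    function unstakeFixed() external {
        cred.mint(msg.sender, daysStaked(msg.sender) * 10 ** uint256(cred.decimals()));
    }

    // Balance expressed in whole tokens (integer division by 10 ** decimals).
    function wholeTokens(address user) external view returns (uint256) {
        return cred.balanceOf(user) / 10 ** uint256(cred.decimals());
    }
}
```

A regression test for the fix should assert the exact expected balance with assertEq against a multiple of 10 ** decimals, rather than assertNotEq as in the PoC.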

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

`unstake` function mints incorrect amount of token
