In the burn function of the DebtToken.sol contract, the code currently adjusts the amount to burn to the user's balance if the specified amount exceeds the user's balance. This behavior can lead to unexpected results and should be corrected to revert the transaction if the amount exceeds the user's balance.
If the amount requested to be burned is greater than the user’s balance, instead of reverting, the function silently adjusts the amount to match the balance.
Affected code:
Proof of Concept:
1. User A has a balance of 100 tokens.
2. User A calls the burn function with an amount of 150 tokens.
3. Instead of reverting, the function adjusts the amount to 100 tokens and proceeds with the burn.
4. User A's balance is now 0 tokens, but the transaction did not behave as expected.
Unexpected Behavior: Users might expect the transaction to revert if they attempt to burn more tokens than they have. Adjusting the amount silently can lead to confusion and unexpected results.
Inconsistent State: Allowing partial burns when the specified amount exceeds the balance can lead to inconsistencies in the system and make it harder to track and debug issues.
Security Risk: This behavior can be exploited by malicious users to manipulate the system, potentially leading to financial losses or other unintended consequences.
Manual review
To ensure the function behaves as expected, it should revert the transaction if the specified amount exceeds the user's balance. This can be done by adding a check and reverting with an appropriate error message.
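The following is an added illustration of the two behaviours, not the audited DebtToken.sol code: `burnSilentCap` reproduces the silent-adjustment pattern this finding describes, and `burn` applies the recommended revert. The contract name, storage layout, event and custom error are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative contract only; names, storage layout and error are assumed,
// not taken from the audited DebtToken.sol.
contract DebtTokenBurnExample {
    mapping(address => uint256) private _balances;
    uint256 public totalSupply;

    error BurnAmountExceedsBalance(address account, uint256 requested, uint256 available);
    event Burn(address indexed account, uint256 amount);

    constructor(uint256 initialBalance) {
        _balances[msg.sender] = initialBalance;
        totalSupply = initialBalance;
    }

    function balanceOf(address account) external view returns (uint256) {
        return _balances[account];
    }

    // Pattern described in the finding: a request above the balance is silently
    // capped. With a balance of 100, burning 150 succeeds and burns 100, so the
    // caller never learns that only part of the request was honoured.
    function burnSilentCap(uint256 amount) external {
        uint256 balance = _balances[msg.sender];
        if (amount > balance) {
            amount = balance; // silent adjustment
        }
        _balances[msg.sender] = balance - amount;
        totalSupply -= amount;
        emit Burn(msg.sender, amount);
    }

    // Recommended behaviour: revert with a descriptive error when the requested
    // amount exceeds the balance, so the same call with 150 against 100 fails
    // and leaves state untouched.
    function burn(uint256 amount) external {
        uint256 balance = _balances[msg.sender];
        if (amount > balance) {
            revert BurnAmountExceedsBalance(msg.sender, amount, balance);
        }
        _balances[msg.sender] = balance - amount;
        totalSupply -= amount;
        emit Burn(msg.sender, amount);
    }
}
```

A unit test for the fix should assert that `burn(150)` from an account holding 100 reverts with `BurnAmountExceedsBalance` and that `balanceOf` and `totalSupply` are unchanged afterwards.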