The current implementation of the ZENO token system presents a critical vulnerability where users can exploit the redemption process to deplete the auction's token supply without incurring any cost. This flaw allows malicious actors to purchase ZENO tokens, redeem them for an equivalent amount of USDC, and repeat the process until the auction's allocation is exhausted, effectively draining the system and preventing legitimate participants from acquiring tokens.
In the Auction.sol contract, the buy function enables users to purchase ZENO tokens by transferring USDC to the business address. However, the redeem and redeemAll functions in the ZENO.sol contract allow users to burn their ZENO tokens in exchange for an equivalent amount of USDC, without adjusting for the token's purchase price.
This setup creates a loophole where a user can:
1. Buy ZENO tokens from the auction after the maturity date.
2. Redeem the same amount of ZENO tokens for the exact USDC amount spent.
3. Repeat the process until the auction's token supply is depleted.
For example, if the auction has 5 ZENO tokens priced at 2 USDC each, a malicious user can:
1. Buy 1 ZENO token for 2 USDC.
2. Redeem 1 ZENO token to receive 2 USDC back.
3. Repeat this process five times, ultimately depleting the auction's supply without any net expenditure.
This vulnerability allows malicious users to drain the auction's token supply without any financial loss, effectively rendering the auction ineffective. Legitimate participants are prevented from purchasing tokens, and the auction fails to generate the intended revenue, undermining the system's integrity and financial viability.
Manual Review
Ensure that the auction's totalRemaining count is accurately updated upon redemption.
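The accounting behind the 5-token example and the recommendation can be checked with a small model. This is an added example, not code from Auction.sol or ZENO.sol: the class, field and function names are hypothetical, the payout follows the finding's own example (2 USDC back per ZENO bought at 2 USDC), and restoring the count on redemption is one reading of the recommendation.

```python
from dataclasses import dataclass


@dataclass
class AuctionModel:
    """Accounting-only model; hypothetical names, not the project's contracts."""
    price: int               # USDC per ZENO
    total_remaining: int     # mirrors the auction's totalRemaining
    restore_on_redeem: bool  # assumption: one reading of the recommended fix

    def buy(self, wallet: dict, amount: int) -> None:
        if amount > self.total_remaining:
            raise ValueError("auction allocation exhausted")
        cost = amount * self.price
        if wallet["usdc"] < cost:
            raise ValueError("insufficient USDC")
        wallet["usdc"] -= cost
        wallet["zeno"] += amount
        self.total_remaining -= amount

    def redeem(self, wallet: dict, amount: int) -> None:
        if wallet["zeno"] < amount:
            raise ValueError("insufficient ZENO")
        wallet["zeno"] -= amount               # burn the redeemed tokens
        wallet["usdc"] += amount * self.price  # payout as in the finding's example
        if self.restore_on_redeem:
            self.total_remaining += amount     # keep the sale count in step


def cycle(model: AuctionModel, start_usdc: int, max_rounds: int) -> dict:
    """Repeat buy-1/redeem-1 and report what it cost and what is left for sale."""
    wallet = {"usdc": start_usdc, "zeno": 0}
    rounds = 0
    while rounds < max_rounds and model.total_remaining > 0:
        model.buy(wallet, 1)
        model.redeem(wallet, 1)
        rounds += 1
    return {
        "rounds": rounds,
        "net_cost": start_usdc - wallet["usdc"],
        "remaining": model.total_remaining,
    }


if __name__ == "__main__":
    # Constructed input: the finding's 5 ZENO at 2 USDC each; buyer holds 2 USDC.
    for fixed in (False, True):
        print(fixed, cycle(AuctionModel(2, 5, fixed), start_usdc=2, max_rounds=5))
```

In both runs the net cost is zero; the difference is that the sale count reaches 0 only when redemption leaves it untouched, which is the condition a regression test for the fix should assert.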