code423n4 | Code4rena | CODE423N4:2023-06-LYBRA-FINDINGS-ISSUES-890
Jul 03, 2023 - 12:00 a.m.

contract has the tendency to mint more tokens than it actually has


Lines of code

Vulnerability details

Impact

If the contract does not have enough esLBR tokens to mint and transfer as rewards, users will not be able to claim their rewards, even if they have earned them.

Proof of Concept

There is no check to ensure that the contract’s balance of esLBR tokens is sufficient to cover the reward amount before calling the mint function. If the contract’s balance of esLBR tokens is not enough, the mint function would fail, causing the getReward transaction to revert, and the user wouldn’t receive their rewards.

Tools Used

Manual

Recommended Mitigation Steps

A check should be added before calling the mint function to ensure that the contract has enough esLBR tokens to cover the reward. The contract can check the balance of esLBR tokens using the IesLBR(esLBR).balanceOf(address(this)) function and compare it with the reward amount. If the balance is greater than or equal to the reward, the mint function can be safely called. Otherwise, the function should revert or handle the situation appropriately (e.g., distribute the available esLBR tokens proportionally to the users).
<https://github.com/seerether/lybra/blob/cc1845d79f88bc6668054bccef3bb628565a9441/lybramitigate31#L6-L8>

Assessed type

Token-Transfer

