History: Nov 17, 2023 - 12:00 a.m.

user can buy when there's no bonding curve set

2023-11-17 00:00:00
Code4rena
github.com
Tags: vulnerability, bonding curve, require statement, mitigation, coding

AI Score: 7 High
Confidence: Low

Lines of code

Vulnerability details

Impact

Users can buy with no bonding curve set

Proof of Concept

function buy(uint256 _id, uint256 _amount) external {
    /// @audit add a check that ensures there's a bonding curve set
    require(shareData[_id].creator != msg.sender, "Creator cannot buy");
    (uint256 price, uint256 fee) = getBuyPrice(_id, _amount); // Reverts for non-existing ID
    SafeERC20.safeTransferFrom(token, msg.sender, address(this), price + fee);
    // The reward calculation has to use the old rewards value (pre fee-split) to not include the fees of this buy
    // The rewardsLastClaimedValue then needs to be updated with the new value such that the user cannot claim fees of this buy
    uint256 rewardsSinceLastClaim = _getRewardsSinceLastClaim(_id);
    // Split the fee among holder, creator and platform
    _splitFees(_id, fee, shareData[_id].tokensInCirculation);
    rewardsLastClaimedValue[_id][msg.sender] = shareData[_id].shareHolderRewardsPerTokenScaled;

    shareData[_id].tokenCount += _amount;
    shareData[_id].tokensInCirculation += _amount;
    tokensByAddress[_id][msg.sender] += _amount;

    if (rewardsSinceLastClaim > 0) {
        SafeERC20.safeTransfer(token, msg.sender, rewardsSinceLastClaim);
    }
    emit SharesBought(_id, msg.sender, _amount, price, fee);
}

Tools Used

Manual Review

Recommended Mitigation Steps

Add a require statement to buy that ensures a bonding curve is set for the share ID before the purchase proceeds.
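A hardened buy path with the missing check in place, as an added example that is not the Canto Market contract's own code. It assumes a ShareData struct with a bondingCurve address field (address(0) meaning unset), an IBondingCurve pricing interface, and OpenZeppelin's SafeERC20; these names and the struct layout are assumptions, not taken from the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Assumed interface (not from the page): a curve prices `amount` new shares
// given the `supply` already minted.
interface IBondingCurve {
    function getPriceAndFee(uint256 supply, uint256 amount)
        external view returns (uint256 price, uint256 fee);
}

contract MarketBuyGuard {
    // Assumed layout with only the fields the buy path and the check need;
    // fee splitting and holder rewards from the original are left out.
    struct ShareData {
        uint256 tokenCount;
        uint256 tokensInCirculation;
        address bondingCurve; // address(0) means no curve has been set
        address creator;
    }

    IERC20 public immutable token;
    mapping(uint256 => ShareData) public shareData;
    mapping(uint256 => mapping(address => uint256)) public tokensByAddress;
    event SharesBought(uint256 indexed id, address indexed buyer, uint256 amount, uint256 price, uint256 fee);
    constructor(IERC20 _token) { token = _token; }

    // Fails with a clear reason when `_id` has no curve, instead of relying on
    // an external call to address(0) to revert somewhere inside the pricing.
    function getBuyPrice(uint256 _id, uint256 _amount) public view returns (uint256 price, uint256 fee) {
        address curve = shareData[_id].bondingCurve;
        require(curve != address(0), "Bonding curve not set");
        (price, fee) = IBondingCurve(curve).getPriceAndFee(shareData[_id].tokenCount, _amount);
    }

    function buy(uint256 _id, uint256 _amount) external {
        ShareData storage share = shareData[_id];
        require(share.bondingCurve != address(0), "Bonding curve not set"); // the check the finding asks for
        require(share.creator != msg.sender, "Creator cannot buy");
        (uint256 price, uint256 fee) = getBuyPrice(_id, _amount);
        SafeERC20.safeTransferFrom(token, msg.sender, address(this), price + fee);
        share.tokenCount += _amount;
        share.tokensInCirculation += _amount;
        tokensByAddress[_id][msg.sender] += _amount;
        emit SharesBought(_id, msg.sender, _amount, price, fee);
    }
}
```

Placing the explicit require before any token transfer makes a call against an unconfigured ID fail with a readable reason and no state change, which is easier to test for and to monitor than an unlabelled revert from the price lookup.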

Assessed type

Other


