Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FonDevs - rounding down can cause address to to get free IBoostStablecoin tokens. #311

Open
sherlock-admin4 opened this issue Oct 29, 2024 · 0 comments
Open

FonDevs - rounding down can cause address to to get free IBoostStablecoin tokens. #311

sherlock-admin4 opened this issue Oct 29, 2024 · 0 comments

Comments

@sherlock-admin4
Copy link
Contributor

sherlock-admin4 commented Oct 29, 2024
edited by sherlock-admin2
Loading

FonDevs

High

rounding down can cause address to to get free IBoostStablecoin tokens.

Summary

if 10 ** (boostDecimals - collateralDecimals) > amount the address to gets IBoostStablecoin without any collateral

https://github.com/sherlock-audit/2024-10-axion/blob/main/liquidity-amo/contracts/Minter.sol#L77C5-L85C6

Root Cause

there is no check if 10 ** (boostDecimals - collateralDecimals) > amount

Internal pre-conditions

No response

External pre-conditions

  1. 10 ** (boostDecimals - collateralDecimals) > amount
  2. IERC20Upgradeable(collateralAddress) doesn't revert on 0 transfer

Attack Path

No response

Impact

the address to gets free IBoostStablecoin tokens.

PoC

No response

Mitigation

consider using a custom function to convert the amount between the tokens
@sherlock-admin2 sherlock-admin2 changed the title Loud Beige Starfish - rounding down can cause address to to get free IBoostStablecoin tokens. FonDevs - rounding down can cause address to to get free IBoostStablecoin tokens. Oct 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin4