_amount requires to be updated to contract balance increase #25
Labels
bug: Something isn't working
duplicate: This issue or pull request already exists
QA (Quality Assurance): Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
Lines of code
https://github.com/code-423n4/2022-04-mimo/blob/b18670f44d595483df2c0f76d1c57a7bfbfbc083/core/contracts/inception/AdminInceptionVault.sol#L149-L154
Vulnerability details
Impact
Every time the transferFrom or transfer function of the ERC20 standard is called, there is a possibility that the underlying smart contract did not transfer the exact amount entered.
It is required to find out the contract balance increase/decrease after the transfer.
This pattern also protects against the re-entrancy attack vector.
Proof of Concept
Tools Used
Recommended Mitigation Steps
Recommended code:
function deposit(address _collateralType, uint256 _amount) public override onlyOwner {
    IERC20 asset = IERC20(_collateralType);
}
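The balance-delta pattern described in this report, as an added example that is not part of the original issue or the Mimo code base. The contract name `BalanceDeltaVault`, the `ICore` interface, the `Deposited` event and the Solidity 0.8 / OpenZeppelin imports are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical downstream contract that is credited with the deposit.
interface ICore {
    function deposit(address collateralType, uint256 amount) external;
}

// Hypothetical vault, written for this example only.
contract BalanceDeltaVault {
    using SafeERC20 for IERC20;

    address public immutable owner;
    ICore public immutable core;

    event Deposited(address indexed collateralType, uint256 requested, uint256 received);

    constructor(ICore _core) {
        owner = msg.sender;
        core = _core;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    function deposit(address _collateralType, uint256 _amount) external onlyOwner {
        IERC20 asset = IERC20(_collateralType);

        // Measure what actually arrives instead of trusting the argument:
        // fee-on-transfer or rebasing tokens can deliver less than _amount.
        uint256 balanceBefore = asset.balanceOf(address(this));
        asset.safeTransferFrom(msg.sender, address(this), _amount);
        uint256 received = asset.balanceOf(address(this)) - balanceBefore;
        require(received > 0, "nothing received");

        // Approve and forward only the measured amount, so downstream
        // accounting never exceeds what this contract actually holds.
        asset.safeIncreaseAllowance(address(core), received);
        core.deposit(_collateralType, received);

        emit Deposited(_collateralType, _amount, received);
    }
}
```

Emitting both the requested and the received amount lets off-chain monitoring flag any collateral token whose transfers are not one-to-one.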