Platform: Code4rena
Start Date: 11/01/2023
Pot Size: $60,500 USDC
Total HM: 6
Participants: 69
Period: 6 days
Judge: Trust
Total Solo HM: 2
Id: 204
League: ETH
Rank: 40/69
Findings: 1
Award: $36.24
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: CodingNameKiki
Also found by: 0x1f8b, 0x52, 0x5rings, 0xAgro, 0xSmartContract, 0xcm, 0xkato, 2997ms, Aymen0909, BClabs, BPZ, BRONZEDISC, Bauer, Bnke0x0, Deekshith99, IllIllI, Josiah, Kaysoft, RaymondFam, Rolezn, SaeedAlipoor01988, Tajobin, Udsen, Viktor_Cortess, adriro, arialblack14, betweenETHlines, btk, chaduke, chrisdior4, cryptphi, csanuragjain, cygaar, defsec, descharre, erictee, gzeon, hansfriese, horsefacts, joestakey, koxuan, lukris02, luxartvinsec, nicobevi, oyc_109, pavankv, peanuts, rbserver, scokaf, shark, tnevler, tsvetanovv, zaskoh
36.2377 USDC - $36.24
Minting will break if mintFee is set to zero
uint256 feesInCollateral = _getMintFees(collateralAmountIn); uint256 depositValueAfterFees = collateralAmountIn - feesInCollateral; _checkAndUpdateMintLimit(depositValueAfterFees); collateral.safeTransferFrom(msg.sender, feeRecipient, feesInCollateral);
CashManager#requestMint attempts to transfer fee to feeRecipient even if there is no fee to transfer (i.e. mintFee == 0). This will break minting for tokens that do not support zero value transfers if mintFee == 0.
Manual Review
Only transfer fees if there are fees to transfer:
uint256 feesInCollateral = _getMintFees(collateralAmountIn); uint256 depositValueAfterFees = collateralAmountIn - feesInCollateral; _checkAndUpdateMintLimit(depositValueAfterFees); - collateral.safeTransferFrom(msg.sender, feeRecipient, feesInCollateral); + if(feesInCollateral != 0) { + collateral.safeTransferFrom(msg.sender, feeRecipient, feesInCollateral); + }
#0 - c4-judge
2023-01-23T14:24:46Z
trust1995 changed the severity to QA (Quality Assurance)
#1 - c4-judge
2023-01-23T14:24:54Z
trust1995 marked the issue as grade-b