Tranche Audit


Methodology & Scope

The codebase was audited using a filtered audit technique. A team of two auditors scanned the codebase iteratively over a period of one week.

The recon phase established a baseline understanding of the shared codebase and its documentation, from which the auditors formed working assumptions about the intended behaviour. The audit then moved on to manual code review, aimed at finding logical flaws in the codebase and complemented by a review of code optimizations, software and security design patterns, code style and best practices, and by triaging the false positives reported by the automated analysis tools.

It would be good practice to check the caller's balance before executing the rest of the function's logic. This ensures the caller holds enough Perp tokens for the burn and rejects an attempt to burn more than they hold up front, with a clear error, instead of letting the call run through the redemption logic and fail only when the burn itself reverts. (A standard ERC20 `_burn` reverts on an insufficient balance regardless, so the value of an explicit check is early rejection before any other state is touched.) The function could be updated to include the balance check before processing the burn:

    function redeem(uint256 perpAmtBurnt) external override nonReentrant whenNotPaused afterStateUpdate {
        // gets the current perp supply
        uint256 perpSupply = totalSupply();
        // checks the caller's balance before any other logic runs
        require(balanceOf(msg.sender) >= perpAmtBurnt, "Not enough tokens");
        // verifies that the burn amount is acceptable
        if (perpAmtBurnt == 0 || perpAmtBurnt > perpSupply) {
            revert UnacceptableBurnAmt(perpAmtBurnt, perpSupply);
        }
        // ... rest of the code ...
    }

Recommendation

This function should verify that the caller holds enough Perp tokens to burn the requested amount. The existing supply check only rejects amounts above totalSupply, so an amount larger than the caller's balance but below the total supply passes it; without a balance check a malicious user can call this function with a large perpAmtBurnt and drive the redemption logic with an amount they cannot actually burn, which the auditors flag as a state-increasing attack.
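The following is an added illustration, not code from the audited Tranche contracts: a minimal stand-in contract (hypothetical name PerpMock, built on OpenZeppelin's ERC20) with the recommended check, plus a Foundry test that exercises the exact gap described above, an amount that is below totalSupply but above the caller's balance. The InsufficientBalance error, the mint helper and the redemptions counter are assumptions introduced for the example; the counter only records whether a call reached the redemption logic.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not the audited code). Assumes OpenZeppelin and forge-std are installed.
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {Test} from "forge-std/Test.sol";

/// Hypothetical stand-in for the perp token: just enough to show the check ordering.
contract PerpMock is ERC20 {
    error UnacceptableBurnAmt(uint256 perpAmtBurnt, uint256 perpSupply);
    error InsufficientBalance(uint256 requested, uint256 available); // assumed custom error

    uint256 public redemptions; // assumed: counts calls that reached the redemption logic

    constructor() ERC20("Perp", "PERP") {}

    function mint(address to, uint256 amt) external { _mint(to, amt); } // test helper only

    function redeem(uint256 perpAmtBurnt) external {
        // 1. balance check first, before any other logic runs
        uint256 bal = balanceOf(msg.sender);
        if (bal < perpAmtBurnt) revert InsufficientBalance(perpAmtBurnt, bal);

        // 2. the supply check from the original function
        uint256 perpSupply = totalSupply();
        if (perpAmtBurnt == 0 || perpAmtBurnt > perpSupply) {
            revert UnacceptableBurnAmt(perpAmtBurnt, perpSupply);
        }

        // 3. only now run the redemption logic and burn
        redemptions += 1;
        _burn(msg.sender, perpAmtBurnt);
    }
}

contract RedeemTest is Test {
    PerpMock perp;
    address alice = address(0xA11CE);
    address bob = address(0xB0B);

    function setUp() public {
        perp = new PerpMock();
        perp.mint(alice, 100e18); // constructed balances: alice holds 10% of supply
        perp.mint(bob, 900e18);
    }

    function testRevertsOnZeroAmount() public {
        vm.prank(alice);
        vm.expectRevert(
            abi.encodeWithSelector(PerpMock.UnacceptableBurnAmt.selector, 0, 1000e18)
        );
        perp.redeem(0);
    }

    function testRevertsWhenBurnExceedsBalanceButNotSupply() public {
        // 500e18 passes the supply check (1000e18) but exceeds alice's 100e18 balance
        vm.prank(alice);
        vm.expectRevert(
            abi.encodeWithSelector(PerpMock.InsufficientBalance.selector, 500e18, 100e18)
        );
        perp.redeem(500e18);
        // the redemption logic was never reached
        assertEq(perp.redemptions(), 0);
    }

    function testRedeemsWithinBalance() public {
        vm.prank(alice);
        perp.redeem(60e18);
        assertEq(perp.balanceOf(alice), 40e18);
        assertEq(perp.totalSupply(), 940e18);
        assertEq(perp.redemptions(), 1);
    }
}
```

Run with `forge test`. The second test is the one that matters for this finding: drop the balance check and it fails, because the call gets past the supply check and into the redemption logic before `_burn` reverts.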
