Bright Violet Crocodile
Medium
AmirX::swap() checks that the minSupply is not reduced further of the ss.origin coin in _verifyStablecoinSwap() using the pre set ss.oAmount. However, ss.oAmount will be updated to the difference between the final and initial amounts of ss.origin tokens, which means it may be bigger than the original set amount and lead to burning ss.origin tokens over the minimum value of minSupply.
In AmirX:93, the minimum limits of ss.origin are not verified after ss.oAmount is changed.
None.
None.
AmirX::swap() is called with directional set to true and ss.origin is a Stablecoin XYZ token whose supply is close to the minimum minSupply and due to the update of ss.oAmount, it will burn tokens past the minSupply limit.
The supply of the ss.origin Stablecoin is reduced below the minSupply.
function swap(
address wallet,
bool directional,
StablecoinSwap memory ss,
DefiSwap memory defi
) external payable onlyRole(SWAPPER_ROLE) whenNotPaused {
// checks if it will fail
if (ss.destination != address(0)) _verifyStablecoinSwap(wallet, ss); //@audit supply verification happens here
if (defi.walletData.length != 0) _verifyDefiSwap(wallet, defi);
if (directional) {
// if only defi swap
if (ss.destination == address(0)) _defiSwap(wallet, defi);
else {
// if defi then stablecoin swap
//check balance to adjust second swap
uint256 iBalance = ERC20(ss.origin).balanceOf(wallet);
if (defi.walletData.length != 0) _defiSwap(wallet, defi);
uint256 fBalance = ERC20(ss.origin).balanceOf(wallet);
//change balance to reflect change
if (fBalance - iBalance != 0) ss.oAmount = fBalance - iBalance; //@audit ss.oAmount increases
_stablecoinSwap(wallet, ss);
}
} else {
// if stablecoin swap
_stablecoinSwap(wallet, ss);
// if only stablecoin swap
if (defi.walletData.length != 0) _defiSwap(wallet, defi);
}
}Verify that the new ss.oAmount does not reduced the supply of ss.origin token below minSupply.