Function mint in Minter.sol is incompatible with fee-on transfer or rebase tokens

Summary

There is a function in the Minter.sol contract that allows for manual minting of the BOOST token and transfers the corresponding collateral into the Treasury.

By pairing BOOST with a fee-on transfer or rebase token, the transferred collateral or backing could be understated or overstated resulting to a miscalculation in the value/supply of the BOOST token.

Root Cause

The aforementioned function is located at: https://github.com/sherlock-audit/2024-10-axion/blob/main/liquidity-amo/contracts/Minter.sol#L77-L85

Internal pre-conditions

The BOOST token is paired with a fee-on transfer or rebase token.

External pre-conditions

Not applicable

Attack Path

Pairing with a fee-on transfer or rebase token upon initialization or changing the collateral via the setTokens function.
Manually calling the mint function in the Minter.sol contract.

Impact

The BOOST collateral or backing could be understated or overstated resulting to an unintended price/token supply calculation.

PoC

No response

Mitigation

Consider creating a safeguard for fee-on transfer or rebase tokens to prevent unintended results, or explicitly declaring the results when pairing with such tokens.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

079.md

079.md

Function mint in Minter.sol is incompatible with fee-on transfer or rebase tokens

Summary

Root Cause

Internal pre-conditions

External pre-conditions

Attack Path

Impact

PoC

Mitigation

Files

079.md

Latest commit

History

079.md

File metadata and controls

Function mint in Minter.sol is incompatible with fee-on transfer or rebase tokens

Summary

Root Cause

Internal pre-conditions

External pre-conditions

Attack Path

Impact

PoC

Mitigation