Skip to content

Latest commit

 

History

History
39 lines (21 loc) · 867 Bytes

132.md

File metadata and controls

39 lines (21 loc) · 867 Bytes

Soft Mulberry Narwhal

Medium

When the treasury is modified, the treasury balance is not modified

Summary

The function setTreasury doesn't transfer the funds left in the treasury.

Root Cause

https://github.com/sherlock-audit/2024-10-axion/blob/c65e662999d0c79439703fc6713814b4ad023e01/liquidity-amo/contracts/Minter.sol#L73 In Minter.sol:71, there is a missing line : IERC20Upgradeable(token).safeTransfer(treasury, amount);

Internal pre-conditions

  1. The treasury balance is not equal to zero.

External pre-conditions

No response

Attack Path

  1. the admin call setTreasury

Impact

The protocol suffers an approximate loss of the amount of the treasury balance.

PoC

No response

Mitigation

Add a requirement about the balance of the treasury in line 72 : require ( IERC20Upgradeable(token).balanceOf(treasury) ==0);