Description
The cashIn function in the VirtualToken contract mints tokens based on msg.value (the amount of Ether sent with the call) instead of the amount parameter. This produces incorrect minting whenever the underlying token is not the native token (e.g., an ERC20 token such as USDC).
Impact
When a user deposits an ERC20 token (e.g., USDC), the function transfers the specified amount of that token from the user to the contract, but then mints VirtualToken based on msg.value, which is 0 because no Ether accompanies an ERC20 deposit. The user therefore receives no VirtualToken even though the contract has already taken their ERC20 tokens.
Proof of Concept
No PoC provided.
Recommended mitigation steps
```solidity
function cashIn(uint256 amount) external payable onlyWhiteListed {
    if (underlyingToken == LaunchPadUtils.NATIVE_TOKEN) {
        // Native deposit: the Ether sent must equal the requested amount.
        require(msg.value == amount, "Invalid ETH amount");
    } else {
        // ERC20 deposit: pull `amount` of the underlying token from the caller.
        _transferAssetFromUser(amount);
    }
    // Mint against `amount`, never against msg.value.
    _mint(msg.sender, amount);
    emit CashIn(msg.sender, amount);
}
```
Check whether the underlying token is the native token:
- If the underlying token is the native token (e.g., ETH), the function requires that msg.value equals the amount parameter.
- If that check passes, it proceeds to mint tokens.
Handle ERC20 tokens:
- If the underlying token is not the native token, the function calls _transferAssetFromUser(amount) to transfer the specified amount of the ERC20 token from the user to the contract.
Mint tokens:
- The function mints VirtualToken based on the amount parameter, so the correct number of tokens is minted regardless of the type of underlying token.
One further hardening worth considering for the ERC20 branch: the function is payable, so any Ether sent alongside an ERC20 deposit is accepted and left stranded in the contract. Adding require(msg.value == 0) in that branch rejects such calls.
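As an added illustration (not code from the project or from the finding, which provides no PoC), the following Foundry test reconstructs the vulnerable cashIn from the description beside the recommended fix and shows the difference on an ERC20 deposit. MockUSDC, VirtualTokenBase, the contract names, and NATIVE_TOKEN = address(0) are assumptions standing in for the real LaunchPadUtils and token code; forge-std is assumed to be available.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Minimal ERC20 stand-in, constructed for this example.
contract MockUSDC {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    function mint(address to, uint256 amt) external { balanceOf[to] += amt; }
    function approve(address s, uint256 amt) external returns (bool) { allowance[msg.sender][s] = amt; return true; }
    function transferFrom(address f, address t, uint256 amt) external returns (bool) {
        allowance[f][msg.sender] -= amt; balanceOf[f] -= amt; balanceOf[t] += amt; return true;
    }
}

// Shared skeleton (assumed): underlying token, balances, whitelist, event.
abstract contract VirtualTokenBase {
    address public constant NATIVE_TOKEN = address(0); // assumed stand-in for LaunchPadUtils.NATIVE_TOKEN
    address public immutable underlyingToken;
    mapping(address => uint256) public balanceOf;
    mapping(address => bool) public whiteListed;
    event CashIn(address indexed user, uint256 amount);

    constructor(address _underlying) { underlyingToken = _underlying; whiteListed[msg.sender] = true; }
    modifier onlyWhiteListed() { require(whiteListed[msg.sender], "not whitelisted"); _; }
    function _mint(address to, uint256 amount) internal { balanceOf[to] += amount; }
    function _transferAssetFromUser(uint256 amount) internal {
        require(MockUSDC(underlyingToken).transferFrom(msg.sender, address(this), amount), "transfer failed");
    }
}

// Vulnerable form as described in the finding: mints msg.value instead of amount.
contract VulnerableVirtualToken is VirtualTokenBase {
    constructor(address u) VirtualTokenBase(u) {}
    function cashIn(uint256 amount) external payable onlyWhiteListed {
        if (underlyingToken == NATIVE_TOKEN) require(msg.value == amount, "Invalid ETH amount");
        else _transferAssetFromUser(amount);
        _mint(msg.sender, msg.value); // bug: msg.value is 0 on ERC20 deposits
        emit CashIn(msg.sender, msg.value);
    }
}

// Fixed form: mints amount, and additionally rejects stray ETH on ERC20 deposits.
contract FixedVirtualToken is VirtualTokenBase {
    constructor(address u) VirtualTokenBase(u) {}
    function cashIn(uint256 amount) external payable onlyWhiteListed {
        if (underlyingToken == NATIVE_TOKEN) {
            require(msg.value == amount, "Invalid ETH amount");
        } else {
            require(msg.value == 0, "ETH not accepted"); // extra hardening, not in the finding's snippet
            _transferAssetFromUser(amount);
        }
        _mint(msg.sender, amount);
        emit CashIn(msg.sender, amount);
    }
}

contract CashInTest is Test {
    MockUSDC usdc;

    function setUp() public {
        usdc = new MockUSDC();
        usdc.mint(address(this), 1_000e6);
        vm.deal(address(this), 2 ether);
    }

    function test_vulnerable_mints_nothing_for_erc20() public {
        VulnerableVirtualToken vt = new VulnerableVirtualToken(address(usdc));
        usdc.approve(address(vt), 100e6);
        vt.cashIn(100e6);
        assertEq(usdc.balanceOf(address(vt)), 100e6); // USDC left the user...
        assertEq(vt.balanceOf(address(this)), 0);     // ...but no VirtualToken was minted
    }

    function test_fixed_mints_amount_for_erc20() public {
        FixedVirtualToken vt = new FixedVirtualToken(address(usdc));
        usdc.approve(address(vt), 100e6);
        vt.cashIn(100e6);
        assertEq(vt.balanceOf(address(this)), 100e6);
    }

    function test_fixed_native_path_requires_matching_value() public {
        FixedVirtualToken vt = new FixedVirtualToken(address(0));
        vt.cashIn{value: 1 ether}(1 ether);
        assertEq(vt.balanceOf(address(this)), 1 ether);
        vm.expectRevert(bytes("Invalid ETH amount"));
        vt.cashIn{value: 0.5 ether}(1 ether);
    }
}
```

Run with `forge test -vv`: the first test documents the loss (tokens pulled, nothing minted), the remaining two confirm that the recommended cashIn mints against amount on both paths and still enforces the msg.value check for native deposits.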