This repository has been archived by the owner on Sep 17, 2023. It is now read-only.

duc - The function burnFrom of token TAU is incorrect, leading to the vault being able to mint only part of its limit #123

Closed
sherlock-admin opened this issue Mar 13, 2023 · 0 comments
Labels
Duplicate: A valid issue that is a duplicate of an issue with the `Has Duplicates` label
Medium: A valid Medium severity issue
Reward: A payout will be made for this issue

Comments


sherlock-admin commented Mar 13, 2023

duc

medium

The function burnFrom of token TAU is incorrect, leading to the vault being able to mint only part of its limit

Summary

Function burnFrom of token TAU is incorrect in that it calls _decreaseCurrentMinted with address account. This will not pass the check on currentMinted in function _decreaseCurrentMinted, and currentMinted of the vault will not be decreased. As a result, the vault can mint only part of its limit.

Vulnerability Detail

In contract TAU.sol:

function burnFrom(address account, uint256 amount) public virtual override {
    super.burnFrom(account, amount);
    // Bug: passes `account` (the token holder) instead of msg.sender (the vault).
    _decreaseCurrentMinted(account, amount);
}

function _decreaseCurrentMinted(address account, uint256 amount) internal virtual {
    // If the burner is a vault, subtract burnt TAU from its currentMinted.
    // This has a few highly unimportant edge cases which can generally be rectified by increasing the relevant vault's mintLimit.
    uint256 accountMinted = currentMinted[account];
    // The check reads currentMinted[account], but the write goes to currentMinted[msg.sender].
    if (accountMinted >= amount) {
        currentMinted[msg.sender] = accountMinted - amount;
    }
}

Only the vaults can mint TAU tokens, which means other addresses always have currentMinted = 0. Therefore currentMinted[msg.sender] (currentMinted of the vault) will not be decreased.
Function burnFrom is always called when the vault modifies or liquidates positions of users. The more actions, the fewer TAU tokens can be minted by this vault.

Impact

Only part of the vault's mint limit can actually be minted as TAU tokens.

Code Snippet

https://github.com/sherlock-audit/2023-03-taurus/blob/main/taurus-contracts/contracts/TAU.sol#L71-L74

Tool used

Manual review

Recommendation

Fix function burnFrom as follows:

function burnFrom(address account, uint256 amount) public virtual override {
    super.burnFrom(account, amount);
    _decreaseCurrentMinted(msg.sender, amount);
}

Duplicate of #149
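The accounting drift described in this report, shown as an added Python model (not the project's Solidity and not part of the original issue). The model mirrors the two functions quoted above: the vulnerable burnFrom passes the token holder to _decreaseCurrentMinted, the fixed one passes msg.sender. `sender` stands in for msg.sender, and the vault name, user name, mint limit of 300 and the 100-TAU mint/burn amounts are assumed values chosen for the simulation.

```python
# Constructed model of TAU's currentMinted accounting. Added example; the
# names "vault", "user", the mintLimit of 300 and the amounts are assumptions,
# not values from the audited contracts. `sender` plays the role of msg.sender.


class TAUModel:
    def __init__(self, mint_limits, fixed=False):
        self.mint_limit = dict(mint_limits)   # vault address -> mintLimit
        self.current_minted = {}              # vault address -> currentMinted
        self.balance = {}                     # holder -> TAU balance
        self.fixed = fixed                    # True: apply the recommended fix

    def mint(self, sender, to, amount):
        # Only a vault (an address with a mintLimit) may mint, up to its limit.
        if sender not in self.mint_limit:
            raise PermissionError("caller is not a vault")
        minted = self.current_minted.get(sender, 0)
        if minted + amount > self.mint_limit[sender]:
            raise ValueError("mint limit exceeded")
        self.current_minted[sender] = minted + amount
        self.balance[to] = self.balance.get(to, 0) + amount

    def burn_from(self, sender, account, amount):
        # super.burnFrom: burn `amount` from `account` (allowance omitted here).
        if self.balance.get(account, 0) < amount:
            raise ValueError("burn exceeds balance")
        self.balance[account] -= amount
        # Vulnerable code: _decreaseCurrentMinted(account, amount)
        # Fixed code:      _decreaseCurrentMinted(msg.sender, amount)
        target = sender if self.fixed else account
        self._decrease_current_minted(sender, target, amount)

    def _decrease_current_minted(self, sender, account, amount):
        # Mirrors the contract: the check reads currentMinted[account],
        # the write goes to currentMinted[msg.sender]. A plain user always has
        # currentMinted == 0, so with the vulnerable call the check fails and
        # the vault's counter is never reduced.
        account_minted = self.current_minted.get(account, 0)
        if account_minted >= amount:
            self.current_minted[sender] = account_minted - amount

    def remaining_capacity(self, vault):
        return self.mint_limit[vault] - self.current_minted.get(vault, 0)


def simulate(fixed, rounds=5, amount=100, limit=300):
    """Vault mints `amount` to a user and burns it back, up to `rounds` times.

    Returns (vault currentMinted, remaining capacity, mint_failed).
    """
    tau = TAUModel({"vault": limit}, fixed=fixed)
    for _ in range(rounds):
        try:
            tau.mint("vault", "user", amount)
        except ValueError:
            return tau.current_minted.get("vault", 0), tau.remaining_capacity("vault"), True
        # The vault (msg.sender) burns the user's TAU, e.g. on repayment or liquidation.
        tau.burn_from("vault", "user", amount)
    return tau.current_minted.get("vault", 0), tau.remaining_capacity("vault"), False


if __name__ == "__main__":
    print("vulnerable:", simulate(fixed=False))  # counter climbs to the limit, 4th mint fails
    print("fixed:     ", simulate(fixed=True))   # counter returns to 0 after every burn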


@github-actions github-actions bot added Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Mar 21, 2023
@sherlock-admin sherlock-admin added the Reward A payout will be made for this issue label Apr 1, 2023