y1cunhui - Not decreasing currentMinted in TAU in some cases

[sherlock-admin]

y1cunhui

medium

Not decreasing currentMinted in TAU in some cases

Summary

In TAU._decreaseCurrentMinted, when accountMinted < amount, the currentMinted is not decreased.

Vulnerability Detail

In TAU._decreaseCurrentMinted:

function _decreaseCurrentMinted(address account, uint256 amount) internal virtual {
        // If the burner is a vault, subtract burnt TAU from its currentMinted.
        // This has a few highly unimportant edge cases which can generally be rectified by increasing the relevant vault's mintLimit.
        uint256 accountMinted = currentMinted[account];
        if (accountMinted >= amount) {
            currentMinted[msg.sender] = accountMinted - amount;
        }
    }

The if statement only decrease currentMinted when accountMinted >= amount. However, if accountMinted < amount(it's possible, since who burn the TAU can be different from who mint TAU to this account), the amount is not decreased.

Impact

In some cases, this will make some vaults get unexpectedly more power to mint. Anyway, it's some unexpected behaviour, so I marked it as Medium.

Code Snippet

https://github.com/sherlock-audit/2023-03-taurus/blob/main/taurus-contracts/contracts/TAU.sol#L76-L83

Tool used

Manual Review

Recommendation

In fact, the currentMinted management in this TAU contract is somehow chaotic. The governance can give power to same vaults to mint TAU, but the power is not just as seen in the mintLimit, since the decrease management is sometimes not working as expected. Combining with abother issue that msg.sender not identical with account, I think this part's related features need to be reconsidered and refactored.

Duplicate of #149