Chinmay - modifyPositions functionality may unnecessarily fail

[sherlock-admin]

Chinmay

medium

modifyPositions functionality may unnecessarily fail

Summary

The decreaseCurrentMInted function of TAU.sol doesn't work correctly. Hence the token minted number is never reduced when they are burned.

Vulnerability Detail

Several of the logic branches in modifyPositions requires TAU to be burned or minted. However minting is not possible if the set Mint Limit is crossed. While mint limit can be increased by the governance, this is a concern because on burning the tokens currentMinted value is incorrectly updated.

When we call burnFrom at Line 300 in BaseVault.sol the account parameter is actually the msg.sender of the call. THe burnFrom function calls decreaseCurrentMinted function with the same account parameter it was supplied with, and then it tries to reduce currentMinted value of this "account" which is actually the msg.sender who was trying to modify his position.

When we try to set mint limit, we are limiting mints to a vault address, and this should be consistent while burning too.

Impact

The above call flow explains that the currentMinted value for the vault never actually gets decreased it only keeps increasing. Thus minted tokens may cross the mint limit set for the vault and halt further execution including modifyPositions function. While the mint limit can be changed by governance but until the governance comes to know about this, the user is griefed and couldn't withdraw his collateral when he wanted to.

Code Snippet

https://github.com/sherlock-audit/2023-03-taurus/blob/main/taurus-contracts/contracts/TAU.sol#L79

Tool used

Manual Review

Recommendation

The line L#79 should be changed to accountMinted = currentMinted[msg.sender] because msg.sender here is the vault address.

Duplicate of #149