This repository has been archived by the owner on Sep 17, 2023. It is now read-only.

8olidity - Logic Error in _decreaseCurrentMinted #85

Closed
sherlock-admin opened this issue Mar 13, 2023 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A valid Medium severity issue Reward A payout will be made for this issue


sherlock-admin commented Mar 13, 2023

8olidity

high

Logic Error in _decreaseCurrentMinted

Summary

Logic Error in _decreaseCurrentMinted

Vulnerability Detail

In the TAU.sol contract, _decreaseCurrentMinted is used to reduce a user's currentMinted value.

function _decreaseCurrentMinted(address account, uint256 amount) internal virtual {
    // If the burner is a vault, subtract burnt TAU from its currentMinted.
    // This has a few highly unimportant edge cases which can generally be rectified by increasing the relevant vault's mintLimit.
    uint256 accountMinted = currentMinted[account];
    if (accountMinted >= amount) {
        currentMinted[msg.sender] = accountMinted - amount;//@audit
    }
}

In the last line, the code updates the value of currentMinted[msg.sender], which is incorrect. It should update the value of currentMinted[account].

For example, there are two users A and B. When A calls burn(1), the value of currentMinted[A] will be updated. However, when A calls burnFrom(B,1), the value of currentMinted[A] will still be updated, but it should update the value of currentMinted[B].

Impact

Logic Error in _decreaseCurrentMinted

Code Snippet

https://github.com/sherlock-audit/2023-03-taurus/blob/main/taurus-contracts/contracts/TAU.sol#L81

Tool used

Manual Review

Recommendation

    function _decreaseCurrentMinted(address account, uint256 amount) internal virtual {
        // If the burner is a vault, subtract burnt TAU from its currentMinted.
        // This has a few highly unimportant edge cases which can generally be rectified by increasing the relevant vault's mintLimit.
        uint256 accountMinted = currentMinted[account];
        if (accountMinted >= amount) {
-           currentMinted[msg.sender] = accountMinted - amount; 
+           currentMinted[account] = accountMinted - amount; 
        }
    }
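
Review bot: The comment on the first line of the function body still reads "If the burner is a vault", but with the `+` line the entry written is `currentMinted[account]`, and in the burnFrom(B,1) case described in the report `account` is B rather than the caller; reword the comment to refer to the account whose TAU is burnt. The `if (accountMinted >= amount)` guard also has no else branch, so a burn larger than `accountMinted` leaves the counter unchanged; state in the comment whether that is intended, and add a regression test in which the caller and `account` differ.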

Duplicate of #149

@github-actions github-actions bot added Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Mar 21, 2023
@sherlock-admin sherlock-admin added the Reward A payout will be made for this issue label Apr 1, 2023
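
The accounting error reported above can be reproduced in a small model. This is an added example, not code from the Taurus repository or from the report: it is a Python model of the `currentMinted` mapping in which `sender` stands in for `msg.sender`, and it assumes (from the report's description) that `burn` passes the caller as `account` and `burnFrom` passes the token holder; the names A and B and all amounts are constructed.

```python
# Python model of the currentMinted bookkeeping (constructed; not the TAU.sol source).
# `sender` stands in for Solidity's msg.sender; account names and amounts are made up.

def decrease_buggy(current_minted, sender, account, amount):
    """Mirrors the reported code: reads `account`, writes `sender`."""
    account_minted = current_minted.get(account, 0)
    if account_minted >= amount:
        current_minted[sender] = account_minted - amount

def decrease_fixed(current_minted, sender, account, amount):
    """Mirrors the recommendation: reads and writes `account`."""
    account_minted = current_minted.get(account, 0)
    if account_minted >= amount:
        current_minted[account] = account_minted - amount

def burn(decrease, current_minted, sender, amount):
    # Assumed shape of burn(amount): the caller burns its own tokens.
    decrease(current_minted, sender, sender, amount)

def burn_from(decrease, current_minted, sender, account, amount):
    # Assumed shape of burnFrom(account, amount): the caller burns `account`'s tokens.
    decrease(current_minted, sender, account, amount)

def run(decrease):
    """Replay the report's scenario; return the state after each call."""
    minted = {"A": 100, "B": 10}              # constructed starting state
    burn(decrease, minted, "A", 1)            # A calls burn(1)
    after_burn = dict(minted)
    burn_from(decrease, minted, "A", "B", 1)  # A calls burnFrom(B, 1)
    return after_burn, minted

def check_invariant(before, after, account, amount):
    """Only `account` may change, and by exactly `amount` when it is covered."""
    expected = dict(before)
    if before.get(account, 0) >= amount:
        expected[account] = before[account] - amount
    return after == expected

if __name__ == "__main__":
    for name, fn in (("buggy", decrease_buggy), ("fixed", decrease_fixed)):
        after_burn, final = run(fn)
        print(name, after_burn, final, check_invariant(after_burn, final, "B", 1))
```

In the buggy run the caller's entry is not merely decremented: it is overwritten with B's minted amount minus the burn, while B's entry stays unchanged, which is what the invariant check flags.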