Missing validation can lead to Minter contract minting different boost tokens

Summary

There is no validation check that the minter contract set in the MasterAMO.sol initialize() method has same boost token address or not. There is no way to update boost address later because of the missing setter function.

Root Cause

There is missing validation in initialize() that the underlying boost token of Minter contract should be same as boost token of MasterAMO contract.

https://github.com/sherlock-audit/2024-10-axion/blob/main/liquidity-amo/contracts/MasterAMO.sol#L122

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

Both method _mintAndSellBoost() and _addLiquidity() will revert because of insufficient boost tokens minted.

PoC

No response

Mitigation

Add a check to verify as below in initialize():

if(!(IMinter(boostMinter_).boostAddress() == boost_)) {
    revert INVALID_MINTER_ADDRESS();
}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

011.md

011.md

Missing validation can lead to Minter contract minting different boost tokens

Summary

Root Cause

Internal pre-conditions

External pre-conditions

Attack Path

Impact

PoC

Mitigation

Files

011.md

Latest commit

History

011.md

File metadata and controls

Missing validation can lead to Minter contract minting different boost tokens

Summary

Root Cause

Internal pre-conditions

External pre-conditions

Attack Path

Impact

PoC

Mitigation