Data Validation in MCV1_Wrapper.sol
Closed this issue · 1 comments
sirius651 commented
https://github.com/Steemhunt/mint.club-v2-contract/blob/main/contracts/MCV1_Wrapper.sol#L58
function mint(address token, uint256 tokensToMint, uint256 maxReserveAmount) external {
(uint256 reserveAmount, uint256 royalty) = getReserveForToken(token, tokensToMint);
uint256 reserveRequired = reserveAmount + royalty;
if (maxReserveAmount < reserveRequired) revert MCV1_Wrapper__SlippageLimitExceeded();
BOND.buy(token, reserveRequired, tokensToMint, BENEFICIARY);
}
I'm not sure but the data passed to functions like mint and burn need to be validated. For instance, the tokensToMint and tokensToBurn should be checked to ensure they are within reasonable limits.
sydneyitguy commented
The user input is validated on V1 bond contract.
mint
function is now removed from the wrapper anyway: #45