This repository has been archived by the owner on May 26, 2023. It is now read-only.

caventa - Fixed-expiry bonds should only be deployed during bond or market creation #4

Closed
sherlock-admin opened this issue Nov 17, 2022 · 1 comment

Comments

@sherlock-admin

caventa

medium

Fixed-expiry bonds should only be deployed during bond or market creation

Summary

Fixed-expiry bonds should only be deployed during bond or market creation.

Vulnerability Detail

Right now, everyone can deploy any fixed-expiry bond contract (see BondFixedExpiryTeller.sol#L158-L163). However, the bond will only be minted during bond creation (see BondFixedExpiryTeller.sol#L126 and BondFixedExpiryTeller.sol#L131). Hence, it is better to deploy the bond during the creation to prevent too many contract addresses without any balance from being deployed.

Impact

Too many fixed-expiry deployed bond contracts were created without any balance

Code Snippet

https://github.com/sherlock-audit/2022-11-bond/blob/main/src/BondFixedExpiryTeller.sol#L158-L163
https://github.com/sherlock-audit/2022-11-bond/blob/main/src/BondFixedExpiryTeller.sol#L126
https://github.com/sherlock-audit/2022-11-bond/blob/main/src/BondFixedExpiryTeller.sol#L131
https://github.com/sherlock-audit/2022-11-bond/blob/main/src/BondFixedExpiryTeller.sol#L107-L108
https://github.com/sherlock-audit/2022-11-bond/blob/main/src/BondFixedExpirySDA.sol#L46

Tool used

Manual Review

Recommendation

  1. Replace these lines (see BondFixedExpiryTeller.sol#L107-L108) with

     if (bondToken == ERC20BondToken(address(0x00))) {
         deploy(underlying_, expiry_);
     }

  2. Do not allow any user to access this deploy function (see BondFixedExpiryTeller.sol#L158-L163) directly. It is fine to allow other functions to call this function, like what is suggested in 1 and the createMarket function (see BondFixedExpirySDA.sol#L46).

@Evert0x
Evert0x commented Nov 17, 2022

Message from sponsor


Disagree with this issue. The idea with having open token deployment and token creation functions is to allow users/protocols to use bond tokens even if they don't want to sell them via the auction mechanism. Having a common token for a specific underlying and expiry used across different protocols can allow building enough liquidity for secondary markets.
