Burn request emitted on identical amounts
Description
A user can request to burn some of their tokens by calling the requestBurn
function. The function creates or updates the burnRequests
in storage with the new amount:
function requestBurn(uint256 amount) external {
Storage.Layout storage $ = Storage.layout();
if (amount == 0) {
revert RequestBurn__AmountIsZero();
}
(, uint256 currentBurnAmount) = $.burnRequests.tryGet(_msgSender());
$.burnRequests.set(_msgSender(), amount);
if (amount < currentBurnAmount) {
_transfer(address(this), _msgSender(), currentBurnAmount - amount);
} else if (amount > currentBurnAmount) {
_transfer(_msgSender(), address(this), amount - currentBurnAmount);
}
emit BurnRequested(_msgSender(), amount);
}
Finally, it emits a BurnRequested
event. However, if a user calls this function twice with the same amount, two identical events are emitted, even if no change happens regarding the contract.
Impact
Depending on the usage of this function, if a service or the front end uses those events, they may make misinformed decisions based on those events. For example, if the price of the token is updated and displayed from those events, it would lead to incorrectly displayed prices.
Recommendations
We recommend to revert if the amount is identical to the previous request, since the update is unnecessary.
Remediation
This issue has been acknowledged by Prosper.