Category: Coding Mistakes

Burn request emitted on identical amounts

Low Severity
Low Impact
Medium Likelihood

Description

A user can request to burn some of their tokens by calling the requestBurn function. The function creates or updates the caller's burnRequests entry in storage with the new amount:

function requestBurn(uint256 amount) external {
    Storage.Layout storage $ = Storage.layout();

    if (amount == 0) {
        revert RequestBurn__AmountIsZero();
    }

    (, uint256 currentBurnAmount) = $.burnRequests.tryGet(_msgSender());

    $.burnRequests.set(_msgSender(), amount);

    if (amount < currentBurnAmount) {
        _transfer(address(this), _msgSender(), currentBurnAmount - amount);
    } else if (amount > currentBurnAmount) {
        _transfer(_msgSender(), address(this), amount - currentBurnAmount);
    }

    emit BurnRequested(_msgSender(), amount);
}

Finally, it emits a BurnRequested event. However, if a user calls this function twice with the same amount, two identical events are emitted, even though the second call changes nothing in the contract's state.

Impact

Depending on how this function is used, a service or front end that consumes these events may make misinformed decisions based on the duplicates. For example, if the price of the token is updated and displayed from these events, the displayed prices would be incorrect.

Recommendations

We recommend reverting if the amount is identical to the previous request, since the update is unnecessary.
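
One way to implement this recommendation, as an added example that is not Prosper's code or part of the original report. It is a minimal stand-in contract: plain mappings replace the project's storage layout, msg.sender replaces _msgSender(), and the names BurnRequestSketch, RequestBurn__AmountUnchanged and InsufficientBalance are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the audited contract: balances and burn requests are
// modelled with plain mappings so the guard can be read and tested in isolation.
contract BurnRequestSketch {
    mapping(address => uint256) public balanceOf;
    mapping(address => uint256) public burnRequests;

    event BurnRequested(address indexed account, uint256 amount);

    error RequestBurn__AmountIsZero();
    error RequestBurn__AmountUnchanged(); // hypothetical error name
    error InsufficientBalance();          // hypothetical error name

    constructor(uint256 supply) {
        balanceOf[msg.sender] = supply;
    }

    function requestBurn(uint256 amount) external {
        if (amount == 0) revert RequestBurn__AmountIsZero();

        uint256 currentBurnAmount = burnRequests[msg.sender];

        // The guard: a repeated request changes nothing, so reject it before
        // writing storage or emitting BurnRequested.
        if (amount == currentBurnAmount) revert RequestBurn__AmountUnchanged();

        burnRequests[msg.sender] = amount;

        if (amount < currentBurnAmount) {
            // Request lowered: return the difference from escrow to the caller.
            _transfer(address(this), msg.sender, currentBurnAmount - amount);
        } else {
            // Request raised (equality is excluded above): escrow the difference.
            _transfer(msg.sender, address(this), amount - currentBurnAmount);
        }

        emit BurnRequested(msg.sender, amount);
    }

    function _transfer(address from, address to, uint256 value) internal {
        if (balanceOf[from] < value) revert InsufficientBalance();
        unchecked { balanceOf[from] -= value; } // safe: checked on the line above
        balanceOf[to] += value;
    }
}
```

With the guard in place, every BurnRequested event corresponds to an actual change in the caller's escrowed amount, so off-chain consumers can treat each event as a state transition.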

Remediation

This issue has been acknowledged by Prosper.

Zellic © 2025