ravikiran.web3
high
mintRebalance and burnRebalancer are exposed as public function which means any one can call these functions and create an imbalance between the supply of USSD and Collateral. This will impact the rebalancing logic and net value of USSD against the dai value.
mint and burn should be operated by the rebalancer which evaluates the USSD against the collateral and decide on whether to add supply or remove supply. But, since these functions are exposed as public, the USSD token value can be manipulated by any one.
USSD value can be easily manipulated.
function mintRebalancer(uint256 amount) public override { _mint(address(this), amount); }
function burnRebalancer(uint256 amount) public override { _burn(address(this), amount); }
Manual Review
Attach the onlyBalancer() modifier to both the above functions so that the functions are not availabe to every one, but only to the rebalancer contract.