qbs
high
The mintRebalancer and burnRebalancer functions do not have any access control modifiers. This means that anyone can call these functions and manipulate the token supply by minting or burning an arbitrary amount of tokens.
The functions mintRebalancer and burnRebalancer lack proper access control measures, such as modifiers, to restrict their usage. As a result, any external entity can invoke these functions without any authorization or restrictions. This opens up the possibility for malicious actors to manipulate the token supply by minting or burning tokens in arbitrary amounts.
Anyone can arbitrarily mint and burn USSD tokens.
function mintRebalancer(uint256 amount) public override {
    _mint(address(this), amount);
}

function burnRebalancer(uint256 amount) public override {
    _burn(address(this), amount);
}
Manual Review
Implement access control mechanisms or modifiers in the mintRebalancer and burnRebalancer functions. One possible solution is to add a modifier like onlyBalancer, which ensures that only the specified rebalancer address can call these functions.
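One way to apply this recommendation, shown as an added sketch that is not the audited contract's code: the two functions keep their bodies and gain an onlyBalancer guard. The contract name, the immutable `rebalancer` set in the constructor, the custom errors and the minimal balance bookkeeping (standing in for the token's ERC-20 base) are assumptions of this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example, not the audited contract. The minimal balance bookkeeping
// stands in for the real token's ERC-20 base; `rebalancer`, the errors and the
// constructor wiring are assumptions made for this sketch.
contract GuardedSupplyToken {
    address public immutable rebalancer; // assumed: fixed at deployment
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    error NotRebalancer(address caller);
    error ZeroRebalancer();
    error BurnExceedsBalance(uint256 requested, uint256 available);
    event Transfer(address indexed from, address indexed to, uint256 value);

    constructor(address rebalancer_) {
        // A zero rebalancer would make both guarded functions uncallable.
        if (rebalancer_ == address(0)) revert ZeroRebalancer();
        rebalancer = rebalancer_;
    }

    // The guard the recommendation names: reject every caller but the rebalancer.
    modifier onlyBalancer() {
        if (msg.sender != rebalancer) revert NotRebalancer(msg.sender);
        _;
    }

    function mintRebalancer(uint256 amount) public onlyBalancer {
        _mint(address(this), amount);
    }

    function burnRebalancer(uint256 amount) public onlyBalancer {
        _burn(address(this), amount);
    }

    function _mint(address to, uint256 amount) internal {
        totalSupply += amount;
        balanceOf[to] += amount;
        emit Transfer(address(0), to, amount);
    }

    function _burn(address from, uint256 amount) internal {
        uint256 bal = balanceOf[from];
        if (amount > bal) revert BurnExceedsBalance(amount, bal);
        balanceOf[from] = bal - amount;
        totalSupply -= amount;
        emit Transfer(from, address(0), amount);
    }
}
```

A regression test for the fix should call both functions from a non-rebalancer account and expect a revert, then repeat from the rebalancer address and check that totalSupply moves by exactly the requested amount.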