Anyone can mint and burn tokens for/from the USSD contract

Summary

Anyone can mint and burn tokens for/from the USSD contract.

Vulnerability Detail

USSD.sol functions mintRebalancer and burnRebalancer can be called by anyone.

An attacker can call mintRebalancer with an amount equal to type(uint256).max - _totalSupply. If new tokens are minted after that, the transaction will revert as _totalSupply will overflow.

Impact

Users can be prevented from mint tokens and the rebalance function will fail if ownval > 1e6 + threshold.

Code Snippet

https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/USSD.sol#L204-L210

Tool used

Manual Review

Recommendation

Add onlyBalancer modifier to mintRebalancer and burnRebalancer functions.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

068.md

068.md

Anyone can mint and burn tokens for/from the USSD contract

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

Files

068.md

Latest commit

History

068.md

File metadata and controls

Anyone can mint and burn tokens for/from the USSD contract

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation