Skip to content

Latest commit

 

History

History
45 lines (34 loc) · 1.74 KB

096.md

File metadata and controls

45 lines (34 loc) · 1.74 KB

Kose

high

Anyone can mint and burn arbitrary amount of USSD

Summary

Because of missing modifier, anyone can call mintRebalancer() and burnRebalancer() functions with arbitrary amounts.

Vulnerability Detail

USSD.sol#L196-L215

 /*//////////////////////////////////////////////////////////////
                               REBALANCER
    //////////////////////////////////////////////////////////////*/

    function setRebalancer(address _rebalancer) public onlyControl {
        rebalancer = IUSSDRebalancer(_rebalancer);
    }

    function mintRebalancer(uint256 amount) public override {
        _mint(address(this), amount);
    }

    function burnRebalancer(uint256 amount) public override {
        _burn(address(this), amount);
    }

    modifier onlyBalancer() {
        require(msg.sender == address(rebalancer), "bal");
        _;
    }

As we can see from the code, onlyBalancer() modifier has implented but not used in mintRebalancer() and burnRebalancer() functions. Because these functions are public, anyone can call them to mint and burn arbitrary amounts of USSD which can cause protocol to collapse.

Impact

All USSD tokens can be burned and infinite amount of USSD tokens can be minted by anyone. These factors undermine the usefulness and functionality of the protocol.

Code Snippet

USSD.sol#L196-L215

Tool used

Manual Review

Recommendation

Add onlyBalancer modifier to mintRebalancer() and burnRebalancer() functions.