Closed smithmonnnnnnn closed 10 months ago
The mint_stable_coin function of the central contract will be called in two situations: the first situation is that the user mints kUSD while depositing collateral; the second situation is that the user can mint more kUSD if the collateral is sufficient. In the second situation, we need to verify that the initiator of the mint and the minter have the same address.
fixed
Description: In the `mint_stable_coin` function from the central_pool contract, there is no validation that the `info.sender` is the custody contract. As a consequence, anyone could call this function to mint coins to himself/herself without depositing collateral.

Code Location: krp-cdp-contracts/contracts/central_control/src/contract.rs#L512
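The sender check discussed in this issue, covering both call paths named in the reply, as an added std-only Rust example that is not the krp-cdp-contracts code. The `State` struct, the `mint_capacity` map, the address strings and the function signature are assumptions made for illustration.

```rust
use std::collections::HashMap;

#[derive(Debug, PartialEq)]
pub enum MintError { Unauthorized, InsufficientCollateral }

// Hypothetical stand-in for contract storage (not the project's types).
pub struct State {
    pub custody_contract: String,
    // Constructed: kUSD each minter's deposited collateral still supports.
    pub mint_capacity: HashMap<String, u128>,
}

// Hypothetical checked variant of the mint entry point.
pub fn mint_stable_coin_checked(
    state: &mut State, sender: &str, minter: &str, amount: u128,
) -> Result<u128, MintError> {
    // Situation 1: the custody contract mints for a depositor.
    // Situation 2: a user mints more against their own collateral,
    // so the initiator must be the minter.
    if sender != state.custody_contract.as_str() && sender != minter {
        return Err(MintError::Unauthorized);
    }
    // The sender check alone is not enough: an address with no
    // collateral must not be able to mint to itself.
    let cap = state.mint_capacity.get_mut(minter)
        .ok_or(MintError::InsufficientCollateral)?;
    if amount > *cap {
        return Err(MintError::InsufficientCollateral);
    }
    *cap -= amount;
    Ok(amount)
}

// Constructed sample state: one custody address, one funded position.
pub fn sample_state() -> State {
    let mut mint_capacity = HashMap::new();
    mint_capacity.insert("alice".to_string(), 100);
    State { custody_contract: "custody".to_string(), mint_capacity }
}

fn main() {
    let mut s = sample_state();
    for (sender, minter, amt) in [("attacker", "alice", 10u128),
        ("attacker", "attacker", 10), ("alice", "alice", 60),
        ("custody", "alice", 40)] {
        let r = mint_stable_coin_checked(&mut s, sender, minter, amt);
        println!("{sender} -> {minter} ({amt}): {r:?}");
    }
}
```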