Description:
In the mint_stable_coin function of the custody contract, info.sender is not validated. As a consequence, anyone can call this function with a fake CW20 token and mint coins to themselves.
Code Location:
krp-cdp-contracts/contracts/custody/src/contract.rs#L274-312
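An added illustration of the missing check, not code from krp-cdp-contracts: a std-only Rust model that assumes mint_stable_coin is reached through a CW20 Receive hook, where info.sender is the calling token contract. The types, the collateral_contract config field and the addresses are hypothetical stand-ins.

```rust
// Added illustration: std-only model of a CW20 receive hook, not the audited code.
// Types, the `collateral_contract` field and all addresses are hypothetical.
#[derive(Debug, PartialEq)]
pub enum ContractError {
    Unauthorized { sender: String },
}

/// Stand-in for MessageInfo: `sender` is the contract that invoked the hook.
pub struct MessageInfo { pub sender: String }

/// Stand-in for Cw20ReceiveMsg: `sender` is the account that sent the tokens and
/// `amount` is whatever the calling contract reports.
pub struct Cw20ReceiveMsg { pub sender: String, pub amount: u128 }

/// Assumed config: address of the only CW20 contract accepted as collateral.
pub struct Config { pub collateral_contract: String }

/// Unchecked: mints against `msg.amount` no matter which contract called the hook.
pub fn mint_unchecked(_cfg: &Config, _info: &MessageInfo, msg: &Cw20ReceiveMsg)
    -> Result<(String, u128), ContractError> {
    Ok((msg.sender.clone(), msg.amount))
}

/// Checked: rejects the call unless `info.sender` is the configured collateral token.
pub fn mint_checked(cfg: &Config, info: &MessageInfo, msg: &Cw20ReceiveMsg)
    -> Result<(String, u128), ContractError> {
    if info.sender != cfg.collateral_contract {
        return Err(ContractError::Unauthorized { sender: info.sender.clone() });
    }
    Ok((msg.sender.clone(), msg.amount))
}

fn main() {
    // Constructed sample values.
    let cfg = Config { collateral_contract: "collateral_cw20".into() };
    let msg = Cw20ReceiveMsg { sender: "user".into(), amount: 1_000 };
    let unlisted = MessageInfo { sender: "unlisted_cw20".into() };
    let listed = MessageInfo { sender: "collateral_cw20".into() };
    println!("unchecked, unlisted token: {:?}", mint_unchecked(&cfg, &unlisted, &msg));
    println!("checked, unlisted token:   {:?}", mint_checked(&cfg, &unlisted, &msg));
    println!("checked, listed token:     {:?}", mint_checked(&cfg, &listed, &msg));
}
```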