search

code-423n4 / 2022-02-jpyc-findings

1 stars 0 forks source link

Minters Who Have Their Role Removed Can Make Use of Any Undistributed Tokens #14

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-02-jpyc/blob/main/contracts/v1/FiatTokenV1.sol#L344-L353 https://github.com/code-423n4/2022-02-jpyc/blob/main/contracts/v1/FiatTokenV1.sol#L361-L375 https://github.com/code-423n4/2022-02-jpyc/blob/main/contracts/v1/FiatTokenV1.sol#L127-L150

Vulnerability details

Impact

Master minters can assign minters with an allowed amount. Upon adding a minter, these values are set correctly. However, if a minter is removed from the protocol, any balance that they had minted but not yet distributed will not be burnt. It is also possible that minters will front-run the removal action to mint any allowed token amount that they have not yet minted.

Proof of Concept

Tools Used

Manual code review.

Recommended Mitigation Steps

Ensure this is understood and consider burning a minter's tokens when removeMinter() is called. It also might be useful to make use of networks that have front-running protection. For example, Taichi and Flashbots allow for private transactions.

0xywzx commented 2 years ago

duplicate with #5

jack-the-pug commented 2 years ago

Dup #46

CloudEllie commented 2 years ago

Grouping this with the warden’s QA report, #16