code-423n4 / 2022-02-skale-findings


BURNER_ROLE can burn any amount of EthErc20 from an arbitrary address #49

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/skalenetwork/ima-c4-audit/blob/11d6a6ae5bf16af552edd75183791375e501915f/contracts/schain/tokens/EthErc20.sol#L64

Vulnerability details

Proof of Concept

Using the forceBurn() function of EthErc20, an address with BURNER_ROLE can burn an arbitrary amount of tokens from any address.

We believe this is unnecessary and poses a serious centralization risk.

A malicious or compromised BURNER_ROLE address can take advantage of this.

Recommended Mitigation Steps

Consider removing the BURNER_ROLE and changing the forceBurn() function to:

    function forceBurn(uint256 amount) external override {
        _burn(_msgSender(), amount);
    }
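As an added illustration (not the project's own code and not the audited EthErc20 contract), the pattern the finding describes is shown next to the recommended form. The ERC20/AccessControl base is replaced by a minimal stand-in, and the `mint` helper, the `ForceBurnDemo` contract and the victim address are hypothetical, added only so the two behaviours can be exercised side by side:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal stand-in for the ERC20 base (assumption: the real contract uses a
// full ERC20 implementation; only the burn/mint bookkeeping is modelled here).
abstract contract MinimalToken {
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;

    function _mint(address to, uint256 amount) internal {
        totalSupply += amount;
        balanceOf[to] += amount;
    }

    function _burn(address from, uint256 amount) internal {
        require(balanceOf[from] >= amount, "burn amount exceeds balance");
        balanceOf[from] -= amount;
        totalSupply -= amount;
    }
}

// The pattern the finding describes: any BURNER_ROLE holder may burn from any account.
contract VulnerableForceBurn is MinimalToken {
    bytes32 public constant BURNER_ROLE = keccak256("BURNER_ROLE");
    mapping(bytes32 => mapping(address => bool)) private _roles; // stand-in for AccessControl

    constructor() {
        _roles[BURNER_ROLE][msg.sender] = true; // deployer holds the role in this demo
    }

    modifier onlyRole(bytes32 role) {
        require(_roles[role][msg.sender], "missing role");
        _;
    }

    // Hypothetical helper so the demo can create balances to burn.
    function mint(address to, uint256 amount) external { _mint(to, amount); }

    // `account` is chosen by the caller: a malicious or compromised role holder
    // can zero any holder's balance without that holder's consent.
    function forceBurn(address account, uint256 amount) external onlyRole(BURNER_ROLE) {
        _burn(account, amount);
    }
}

// The recommended form: the caller can only burn its own balance, so no role is needed.
contract HardenedForceBurn is MinimalToken {
    function mint(address to, uint256 amount) external { _mint(to, amount); }

    function forceBurn(uint256 amount) external {
        _burn(msg.sender, amount);
    }
}

// Hypothetical demonstration: deploys both variants and compares what a
// BURNER_ROLE holder can do to a third party's balance.
contract ForceBurnDemo {
    address constant VICTIM = address(0xBEEF); // constructed address, not a real account

    function run() external returns (bool vulnerableBurnedVictim, bool hardenedKeptVictim) {
        VulnerableForceBurn vulnerable = new VulnerableForceBurn(); // this contract gets BURNER_ROLE
        vulnerable.mint(VICTIM, 100);
        vulnerable.forceBurn(VICTIM, 100);               // succeeds: role holder drains the victim
        vulnerableBurnedVictim = vulnerable.balanceOf(VICTIM) == 0;

        HardenedForceBurn hardened = new HardenedForceBurn();
        hardened.mint(VICTIM, 100);
        hardened.mint(address(this), 100);
        hardened.forceBurn(100);                         // only this contract's own balance is burned
        hardenedKeptVictim = hardened.balanceOf(VICTIM) == 100
            && hardened.balanceOf(address(this)) == 0;
    }
}
```

Deploying `ForceBurnDemo` and calling `run()` returns `(true, true)`: the vulnerable variant lets the role holder wipe the victim's balance, the hardened one cannot touch it. The hardened form is only a drop-in replacement if no trusted component needs to burn on a holder's behalf; the sponsor disputed this finding under #16, so that may be the case here, in which case the alternative is to grant BURNER_ROLE to exactly that contract and nothing else, and to treat the role holder as part of the trusted computing base.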
cstrangedk commented 2 years ago

Duplicate of #16, sponsor disputed, see #16