c4-judge
commented
1 year ago trust1995 marked the issue as unsatisfactory: Insufficient quality
Closed code423n4 closed 1 year ago
c4-judge
commented
1 year ago trust1995 marked the issue as unsatisfactory: Insufficient quality
Lines of code
https://github.com/code-423n4/2023-01-ondo/blob/f3426e5b6b4561e09460b2e6471eb694efdd6c70/contracts/cash/CashManager.sol#L817 https://github.com/code-423n4/2023-01-ondo/blob/f3426e5b6b4561e09460b2e6471eb694efdd6c70/contracts/cash/CashManager.sol#L433
Vulnerability details
Impact
The minimum amount of CASH that can be redeemed can change mid epoch. Changes in these parameters should be possible only if there are no registered redemptions for the epoch.
Proof of Concept
See above
Tools Used
None
Recommended Mitigation Steps
Check that the registered deposits and redemptions for the current epoch are 0, or refund them first.