Lines of code
https://github.com/code-423n4/2023-01-ondo/blob/f3426e5b6b4561e09460b2e6471eb694efdd6c70/contracts/cash/token/Cash.sol#L37
Vulnerability details
Impact
Since the CASH token cannot be transferred unless it is explicitly allowed, users cannot send tokens between accounts, trade them on DEXes, or integrate them into their protocols. This is a non-standard behavior that should be reported to them.
Proof of Concept
None needed
Tools Used
None needed
Recommended Mitigation Steps
Document this for users. Consider a design change. This should not be needed.