code-423n4 / 2023-01-ondo-findings


Admin account can lose user's collateral #272

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-01-ondo/blob/f3426e5b6b4561e09460b2e6471eb694efdd6c70/contracts/cash/CashManager.sol#L725
https://github.com/code-423n4/2023-01-ondo/blob/f3426e5b6b4561e09460b2e6471eb694efdd6c70/contracts/cash/CashManager.sol#L762

Vulnerability details

Impact

This is high risk because funds can be sent to the wrong address.

Proof of Concept

https://github.com/crytic/slither/wiki/Detector-Documentation#arbitrary-send-erc20
https://github.com/code-423n4/2023-01-ondo/blob/f3426e5b6b4561e09460b2e6471eb694efdd6c70/contracts/cash/CashManager.sol#L725
https://github.com/code-423n4/2023-01-ondo/blob/f3426e5b6b4561e09460b2e6471eb694efdd6c70/contracts/cash/CashManager.sol#L762

Tools Used

VSCode, Slither

Recommended Mitigation Steps

Recommend considering the use of msg.sender in completeRedemptions() and _processRedemption().
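The finding cites Slither's arbitrary-send-erc20 detector without showing the pattern it matches. The detector flags a transferFrom whose `from` argument is not msg.sender, because transferFrom only checks the allowance granted to the calling contract, not who invoked the function. The contract below is an added example written for this page to show the flagged form, the access-controlled form, and the msg.sender form side by side. It is a hypothetical contract: it is not Ondo's CashManager, and the contract and function names are invented for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added example for Slither's arbitrary-send-erc20 detector (caller-supplied
// `from` in transferFrom). Hypothetical contract: not Ondo's CashManager, and
// every name below is made up for the illustration.

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract ArbitrarySendExample {
    IERC20 public immutable collateral;
    address public immutable admin;

    constructor(IERC20 collateral_) {
        collateral = collateral_;
        admin = msg.sender;
    }

    modifier onlyAdmin() {
        require(msg.sender == admin, "not admin");
        _;
    }

    // FLAGGED and openly exploitable: `from` is a free parameter, so anyone can
    // move collateral out of any account that has approved this contract, to any
    // `to` they choose. transferFrom only checks allowance[from][address(this)].
    function redeemFor(address from, address to, uint256 amount) external {
        require(collateral.transferFrom(from, to, amount), "transfer failed");
    }

    // STILL FLAGGED by the detector, but the blast radius is different: only the
    // admin can pick `from` and `to`. Whether that is a bug or an accepted trust
    // assumption on the admin role is a judgement call the detector cannot make,
    // which is why a report has to argue the trust model, not just cite the tool.
    function adminRedeemFor(address from, address to, uint256 amount) external onlyAdmin {
        require(collateral.transferFrom(from, to, amount), "transfer failed");
    }

    // NOT FLAGGED: the debited account is always the caller, so a user can only
    // move collateral they themselves approved. This is the msg.sender form the
    // mitigation above suggests.
    function redeem(address to, uint256 amount) external {
        require(collateral.transferFrom(msg.sender, to, amount), "transfer failed");
    }
}
```

To reproduce the detector's output on a contract like this, run `slither . --detect arbitrary-send-erc20` in the project root; it reports redeemFor and adminRedeemFor and stays silent on redeem. Note that for a batch settlement that a privileged role drives on behalf of many users, msg.sender is the admin rather than the user, so the msg.sender form only applies if the flow is changed to a user-initiated pull; otherwise the practical hardening is to bind `to` to the address recorded when the redemption was requested and to treat the admin role as trusted.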

c4-judge commented 1 year ago

trust1995 marked the issue as unsatisfactory: Insufficient quality