Lines of code
https://github.com/code-423n4/2023-01-ondo/blob/f3426e5b6b4561e09460b2e6471eb694efdd6c70/contracts/cash/CashManager.sol#L410-L419
Vulnerability details
Impact
The mintFee can be set to 100%. Some centralization beyond the usual is to be expected in a protocol that deals with RWAs and requires KYC, but being able to set the fee to 100% is unnecessary, dangerous, and could harm Ondo's reputation.
Proof of Concept
Users often approve an unlimited amount of funds to the contracts they interact with; it is therefore reasonable to assume that many would lose the amount determined by the mintFee variable.
The risk lies in the reputational damage to Ondo when users realize that the fee can be set to 100%. Users in the DeFi space hold a high standard when it comes to trustlessness and will not look favorably on unnecessary centralization that can harm users.
There is an additional risk where the manager sets the fee to a very high number by mistake, since there are no checks; this would also harm Ondo's reputation.
Tools Used
Manual Review
Recommended Mitigation Steps
Set a reasonable upper limit on mintFee in the setter: revert when the requested value exceeds a hard-coded maximum (well below 100%), so that neither a malicious manager nor a typo can consume a user's entire deposit.
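To make the missing check concrete, here is an added example in Solidity. It is not Ondo's code and not the snippet behind the link above; it is a minimal fee-taking mint contract that places the unbounded setter the finding describes next to a bounded one, and shows where the fee is deducted from a deposit. The contract, its names (BoundedMintFeeExample, MAX_MINT_FEE, setMintFeeUnbounded, setMintFee, feesForAmount, requestMint) and the 5% cap are assumptions chosen for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

// Minimal ERC-20 surface needed for the example.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// Illustrative contract written for this finding; it is NOT Ondo's CashManager.
/// All names (BPS_DENOMINATOR, MAX_MINT_FEE, setMintFeeUnbounded, requestMint)
/// are assumptions chosen for the illustration.
contract BoundedMintFeeExample {
    uint256 public constant BPS_DENOMINATOR = 10_000; // 100% expressed in basis points
    // Hard cap for this example: 5% (500 bps). The exact value is a governance
    // decision; what matters is that the contract enforces it on-chain.
    uint256 public constant MAX_MINT_FEE = 500;

    IERC20 public immutable collateral;
    address public immutable manager;
    address public immutable feeRecipient;
    uint256 public mintFee; // in bps, deducted from every deposit
    mapping(address => uint256) public pendingMint;

    error NotManager();
    error MintFeeTooLarge(uint256 requested, uint256 max);
    event MintFeeSet(uint256 oldFee, uint256 newFee);

    constructor(IERC20 _collateral, address _feeRecipient) {
        collateral = _collateral;
        feeRecipient = _feeRecipient;
        manager = msg.sender;
    }

    modifier onlyManager() {
        if (msg.sender != manager) revert NotManager();
        _;
    }

    // Pattern the finding describes: the role check is the only guard, so a
    // malicious or careless manager can set any value, including 10_000 (100%).
    function setMintFeeUnbounded(uint256 _mintFee) external onlyManager {
        emit MintFeeSet(mintFee, _mintFee);
        mintFee = _mintFee;
    }

    // Hardened setter: bound the value in addition to the role check.
    function setMintFee(uint256 _mintFee) external onlyManager {
        if (_mintFee > MAX_MINT_FEE) revert MintFeeTooLarge(_mintFee, MAX_MINT_FEE);
        emit MintFeeSet(mintFee, _mintFee);
        mintFee = _mintFee;
    }

    // Fee preview: with mintFee == 10_000 this returns (amount, 0).
    function feesForAmount(uint256 amount) public view returns (uint256 fee, uint256 net) {
        fee = (amount * mintFee) / BPS_DENOMINATOR;
        net = amount - fee;
    }

    // Deposit path: the fee share of the user's collateral is pulled straight to the
    // fee recipient. A standing unlimited approval lets this succeed for any amount
    // the user passes, so an unbounded fee can consume the whole deposit.
    function requestMint(uint256 amount) external returns (uint256 net) {
        uint256 fee;
        (fee, net) = feesForAmount(amount);
        require(collateral.transferFrom(msg.sender, feeRecipient, fee), "fee transfer failed");
        require(collateral.transferFrom(msg.sender, address(this), net), "deposit failed");
        pendingMint[msg.sender] += net;
    }
}
```

With this layout, setMintFee(10_000) reverts with MintFeeTooLarge, whereas setMintFeeUnbounded(10_000) succeeds and feesForAmount(1_000_000) then returns (1_000_000, 0): the entire deposit is routed to the fee recipient and nothing is credited to the user. The cap belongs in the setter rather than in the deposit path, so that an out-of-range value can never be stored in the first place.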