code-423n4 / 2023-01-ondo-findings


mintFee can be set to 100% #286

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-01-ondo/blob/f3426e5b6b4561e09460b2e6471eb694efdd6c70/contracts/cash/CashManager.sol#L410-L419

Vulnerability details

Impact

The mintFee can be set to 100%. An amount of centralization over the usual is to be expected in a protocol that deals with RWAs and requires KYC, but being able to set the fee to 100% is unnecessary, dangerous, and could harm Ondo's reputation.

Proof of Concept

Users often approve an unlimited amount of funds to contracts they interact with; it would therefore be reasonable to assume that many would lose the amount decided by the mintFee variable.

The risk lies in the reputational damage to Ondo when users realize that a fee can be set to 100%. Users in the DeFi space have a high standard when it comes to trustlessness and will not look favorably on unnecessary centralization that can harm users.

There is an additional risk where the manager sets the fee to a very high number by mistake since there are no checks; this would also harm Ondo's reputation.

Tools Used

Manual Review

Recommended Mitigation Steps

Set a reasonable upper limit.
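The unbounded setter the finding describes, beside the capped version the mitigation asks for, as an added illustration that is not code from the Ondo CashManager contract. The names (setMintFee, BPS_DENOMINATOR, MAX_MINT_FEE), the basis-point encoding and the 5% cap are assumptions made for this example.

```solidity
// Added example, not the project's code. Fee is expressed in basis points
// (assumption): 10_000 bps == 100%.
pragma solidity ^0.8.0;

contract UnboundedFee {
    uint256 public constant BPS_DENOMINATOR = 10_000;
    uint256 public mintFee;
    address public manager;

    constructor() { manager = msg.sender; }
    modifier onlyManager() { require(msg.sender == manager, "not manager"); _; }

    // No upper bound: the manager can set 10_000 (100%) or more, by intent
    // or by typo. Above 10_000, amountAfterFee() reverts on underflow.
    function setMintFee(uint256 fee) external onlyManager {
        mintFee = fee;
    }

    // With mintFee == BPS_DENOMINATOR the whole deposit is taken as fee
    // and the depositor is credited nothing.
    function amountAfterFee(uint256 deposit) public view returns (uint256) {
        uint256 fee = (deposit * mintFee) / BPS_DENOMINATOR;
        return deposit - fee;
    }
}

contract BoundedFee {
    uint256 public constant BPS_DENOMINATOR = 10_000;
    // Hard cap on the fee (illustrative 5%, not a protocol value).
    uint256 public constant MAX_MINT_FEE = 500;
    uint256 public mintFee;
    address public manager;

    event MintFeeSet(uint256 oldFee, uint256 newFee);

    constructor() { manager = msg.sender; }
    modifier onlyManager() { require(msg.sender == manager, "not manager"); _; }

    // The cap rejects both a deliberate 100% fee and a mistyped value;
    // the event gives monitoring a record of every change.
    function setMintFee(uint256 fee) external onlyManager {
        require(fee <= MAX_MINT_FEE, "fee exceeds MAX_MINT_FEE");
        emit MintFeeSet(mintFee, fee);
        mintFee = fee;
    }

    function amountAfterFee(uint256 deposit) public view returns (uint256) {
        return deposit - (deposit * mintFee) / BPS_DENOMINATOR;
    }
}
```

Calling `UnboundedFee.setMintFee(10_000)` makes `amountAfterFee(1e18)` return 0, while `BoundedFee.setMintFee(10_000)` reverts.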

c4-judge commented 1 year ago

trust1995 marked the issue as unsatisfactory: Invalid

c4-sponsor commented 1 year ago

tom2o17 marked the issue as sponsor disputed