Lines of code
https://github.com/code-423n4/2023-01-ondo/blob/main/contracts/cash/CashManager.sol#L241
Vulnerability details
Impact
Claiming on behalf of other users without their consent can put those users at an undesired disadvantage.
Proof of Concept
Consider the following scenario:
1) Alice deposits 1_000_000e6 USDC
2) The epochToExchangeRate for the current epoch is 1e6
3) Alice gambles, hoping that the exchange rate will be changed to 1e5
4) Bob calls claimMint with Alice's address; Alice receives 1_000_000e18 cash tokens
5) Admin changes epochToExchangeRate to 1e5
6) Alice received fewer tokens than she expected because of Bob's unauthorized call; had Bob not executed the call, Alice would have received 10_000_000e18 cash tokens.
Tools Used
VSCode
Recommended Mitigation Steps
Consider either allowing only msg.sender to claim their own tokens, or implementing logic that lets Alice authorize other addresses to call claimMint on her behalf.
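The second mitigation option, sketched as an added example that is not Ondo's CashManager code: a simplified contract in which a user must opt in before anyone else may call claimMint for them. The storage names follow the finding; the claim arithmetic (collateral * 1e18 / rate), the claimApprovals mapping and setClaimApproval are assumptions made for this illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Simplified stand-in for the claim flow; not the project's own contract.
contract ClaimAuthorizationExample {
    address public admin;
    uint256 public currentEpoch;
    mapping(uint256 => uint256) public epochToExchangeRate;
    mapping(uint256 => mapping(address => uint256)) public mintRequestsPerEpoch;
    mapping(address => uint256) public cashBalance; // stands in for the cash token mint

    // Mitigation (assumed design): a user explicitly delegates claiming to an operator.
    mapping(address => mapping(address => bool)) public claimApprovals;

    event ClaimApprovalSet(address indexed user, address indexed operator, bool approved);

    constructor() { admin = msg.sender; }

    function setExchangeRate(uint256 epoch, uint256 rate) external {
        require(msg.sender == admin, "not admin");
        epochToExchangeRate[epoch] = rate;
    }

    function requestMint(uint256 collateralAmountIn) external {
        // Collateral transfer omitted; only the accounting matters here.
        mintRequestsPerEpoch[currentEpoch][msg.sender] += collateralAmountIn;
    }

    /// Only the user themself, or an operator the user approved, may trigger the claim.
    function setClaimApproval(address operator, bool approved) external {
        claimApprovals[msg.sender][operator] = approved;
        emit ClaimApprovalSet(msg.sender, operator, approved);
    }

    /// Hardened claimMint: Bob can no longer fix Alice's rate by claiming for her.
    function claimMint(address user, uint256 epochToClaim) external {
        require(msg.sender == user || claimApprovals[user][msg.sender], "caller not authorized for user");
        uint256 rate = epochToExchangeRate[epochToClaim];
        require(rate != 0, "rate not set");
        uint256 collateral = mintRequestsPerEpoch[epochToClaim][user];
        require(collateral != 0, "nothing to claim");
        delete mintRequestsPerEpoch[epochToClaim][user];
        // Assumed formula matching the PoC numbers:
        // 1_000_000e6 at rate 1e6 -> 1_000_000e18; at rate 1e5 -> 10_000_000e18.
        cashBalance[user] += (collateral * 1e18) / rate;
    }
}
```

With this check in place, an unsolicited claimMint(alice, epoch) from Bob reverts, so the epoch's rate at which Alice is settled is decided only by Alice or an operator she chose.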