code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-01-ondo/blob/main/contracts/cash/CashManager.sol#L596 https://github.com/code-423n4/2023-01-ondo/blob/main/contracts/cash/CashManager.sol#L609 https://github.com/code-423n4/2023-01-ondo/blob/main/contracts/cash/CashManager.sol#L212 https://github.com/code-423n4/2023-01-ondo/blob/main/contracts/cash/CashManager.sol#L626 https://github.com/code-423n4/2023-01-ondo/blob/main/contracts/cash/CashManager.sol#L676 https://github.com/code-423n4/2023-01-ondo/blob/main/contracts/cash/CashManager.sol#L641

Vulnerability details

Impact

Due to the missing validation of mintLimit and redeemLimit this might result in unreasonably low limits, leading to a DoS of the requestMint and requestRedemption function. One user can simply call these functions with the upper limit, resulting in a DoS for all other users.

Proof of Concept

1) Admin sets mintLimit to 1_000_000e6 tokens. 2) Bob calls requestMint with 1_000_000e6 + the fee cost 3) Nobody can participate in the current epoch anymore.

The same issue applies for requestRedemption

Tools Used

VSCode

Recommended Mitigation Steps

Consider applying reasonable lower bounds to setMintLimit and setRedeemLimit

*We do not see this as a centralization issue, this might be more the result of a thoughtless edge-case.

trust1995 commented 1 year ago

Admin can always call setMintLimit() to update the limit if amount is deemed insufficient in long term. This is more of a design decision.

c4-judge commented 1 year ago

trust1995 marked the issue as unsatisfactory: Invalid

c4-sponsor commented 1 year ago

ypatil12 marked the issue as sponsor disputed

code-423n4 / 2023-01-ondo-findings