Closed code423n4 closed 1 year ago
trust1995 marked the issue as unsatisfactory: Out of scope
If an attacker is able to gain access to the managerAdmin
role they can also mint infinite cash tokens to themselves through the multiexCall
function.
Unless you are able to show how one can gain access to this role. This finding is uninteresting.
tom2o17 marked the issue as sponsor disputed
Lines of code
https://github.com/code-423n4/2023-01-ondo/blob/f3426e5b6b4561e09460b2e6471eb694efdd6c70/contracts/cash/CashManager.sol#L851-L876 https://github.com/code-423n4/2023-01-ondo/blob/f3426e5b6b4561e09460b2e6471eb694efdd6c70/contracts/cash/CashManager.sol#L855
Vulnerability details
Impact
An attacker to exploit the
setPendingRedemptionBalance
function if they are able to gain the MANAGER_ADMIN role. In the provided code, the function allows theMANAGER_ADMIN
to set the pending redemption balance of a user for a specific epoch. If an attacker is able to gain this role, they could potentially set the pending redemption balance of a user to an arbitrary value, allowing them to steal collateral.Proof of Concept
The
setPendingRedemptionBalance
function allows any account with theMANAGER_ADMIN
role to set the redemption balance of any user for any epoch. This means that an attacker who gains access to theMANAGER_ADMIN
role could potentially use this function to set the redemption balance of any user to an arbitrary value, potentially allowing them to redeem more collateral than they are entitled to.A proof of concept for this vulnerability would involve an attacker gaining access to the
MANAGER_ADMIN
role, and then using thesetPendingRedemptionBalance
function to set their own redemption balance to a large value. They could then call thecompleteRedemptions
function to redeem more collateral than they are entitled to.For example, let's say that
Bob
is an attacker who has gained access to theMANAGER_ADMIN
role. He wants to redeem more collateral than he is entitled to. He can use thesetPendingRedemptionBalance
function to set his own redemption balance to a large value, let's say 100 ether. He can then call thecompleteRedemptions
function to redeem this amount of collateral. However, the correct amount that Bob is entitled to redeem is only 10 ether. So, Bob will be able to steal 90 ether of collateral from the contract.Recommended Mitigation Steps
To fix the issue of incorrect authorization in the
setPendingRedemptionBalance
function, the first step would be to ensure that only the intended parties are able to call the function by adding proper access controls. One way to do this would be to add a require statement that checks if the calling address has theMANAGER_ADMIN
role before allowing the function to proceed.The
onlyRole(MANAGER_ADMIN)
modifier checks that the currentmsg.sender
is in theMANAGER_ADMIN
role. If themsg.sender
is not in the role, the transaction reverts. However, if an attacker is able to gain control of theMANAGER_ADMIN
account, then they would be able to call functions with theonlyRole(MANAGER_ADMIN)
modifier and execute malicious actions, such as stealing collateral in the case of thesetPendingRedemptionBalance
function. This is why in the corrected version of the code, additional security measures such as the use of a whitelist and the use of a nonce are implemented to further secure the function and prevent unauthorized calls.