Closed code423n4 closed 1 year ago
Admin can always call setMintLimit() to update the limit if the amount is deemed insufficient in the long term. This is more of a design decision.
trust1995 marked the issue as unsatisfactory: Invalid
ypatil12 marked the issue as sponsor disputed
Lines of code
https://github.com/code-423n4/2023-01-ondo/blob/f3426e5b6b4561e09460b2e6471eb694efdd6c70/contracts/cash/CashManager.sol#L212
Vulnerability details
Impact
This issue is more about the design of CashManager.
In the CashManager contract, each epoch has a limit for total mint and redeem amount. An attacker can abuse this limit, spam minting, redeeming and repeat to DoS other users.
In addition, mintFee is initialized with value 0, which means the attacker's cost is zero. If he hits the limit, no one can use the CashManager contract to mint or redeem in that epoch anymore.
Proof of Concept
As we can see, mintFee is set to 0 when the contract is deployed.
And function constructor() did not set it either. https://github.com/code-423n4/2023-01-ondo/blob/f3426e5b6b4561e09460b2e6471eb694efdd6c70/contracts/cash/CashManager.sol#L127
Tools Used
Manual Review
Recommended Mitigation Steps
Consider setting mintFee > 0 when deploying the contract.
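
A simplified model of the per-epoch mint limit discussed in this issue, added here as an illustration; it is not taken from CashManager.sol or from any participant in the thread, and the class and function names, the basis-point fee, the post-fee limit accounting and all amounts are assumptions. It compares the fee paid to fill one epoch's limit at a zero and a non-zero mint fee, and checks that raising the limit (the setMintLimit() route) or the next epoch restores minting.

```python
from dataclasses import dataclass

BPS = 10_000  # assumption: fees are expressed in basis points


class MintLimitExceeded(Exception):
    pass


@dataclass
class EpochMintModel:
    """Toy per-epoch mint limiter; a model, not the CashManager source.
    It tracks fee cost only, not the collateral locked by each request."""
    mint_limit: int
    mint_fee_bps: int = 0
    minted_this_epoch: int = 0

    def set_mint_limit(self, new_limit: int) -> None:
        self.mint_limit = new_limit  # admin lever named in the sponsor's reply

    def next_epoch(self) -> None:
        self.minted_this_epoch = 0  # counter resets when the epoch rolls over

    def request_mint(self, collateral: int) -> int:
        """Record a mint request and return the fee charged on it."""
        fee = collateral * self.mint_fee_bps // BPS
        net = collateral - fee  # assumption: the limit counts the post-fee amount
        if self.minted_this_epoch + net > self.mint_limit:
            raise MintLimitExceeded("epoch mint limit reached")
        self.minted_this_epoch += net
        return fee


def can_mint(model: EpochMintModel, collateral: int) -> bool:
    try:
        model.request_mint(collateral)
        return True
    except MintLimitExceeded:
        return False


def fill_epoch(fee_bps: int, limit: int = 1_000_000, user_amount: int = 1_000) -> dict:
    """One account consumes the whole epoch limit (constructed figures)."""
    m = EpochMintModel(mint_limit=limit, mint_fee_bps=fee_bps)
    fee_paid = m.request_mint(limit * BPS // (BPS - fee_bps))
    blocked = not can_mint(m, user_amount)      # later request, same epoch
    m.set_mint_limit(limit * 2)
    ok_after_raise = can_mint(m, user_amount)   # after the admin raises the limit
    m.set_mint_limit(limit)
    m.next_epoch()
    ok_next_epoch = can_mint(m, user_amount)    # after the epoch rolls over
    return {"fee_paid": fee_paid, "blocked": blocked,
            "ok_after_raise": ok_after_raise, "ok_next_epoch": ok_next_epoch}
```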