trust1995
commented
1 year ago Admin can always call setMintLimit() to update the limit if amount is deemed insufficient in long term. This is more of a design decision.
Closed code423n4 closed 1 year ago
trust1995
commented
1 year ago Admin can always call setMintLimit() to update the limit if amount is deemed insufficient in long term. This is more of a design decision.
c4-judge
commented
1 year ago trust1995 marked the issue as unsatisfactory: Invalid
c4-sponsor
commented
1 year ago ypatil12 marked the issue as sponsor disputed
Lines of code
https://github.com/code-423n4/2023-01-ondo/blob/f3426e5b6b4561e09460b2e6471eb694efdd6c70/contracts/cash/CashManager.sol#L212
Vulnerability details
Impact
This issue is more about the design of CashManager.
In CashManager contract, each epoch has a limit for total mint and redeem amount. Attacker can abused this limit, spam minting, redeeming and repeat to DOS other users.
In addition,
mintFeeis initialized with value0, which means attacker cost is zero. If he hit the limit, no one can use CashManager contract to mint or redeem in that epoch anymore.Proof of Concept
As we can see,
mintFeeis set to0when contract is deployedAnd function
constructor()did not set it either. https://github.com/code-423n4/2023-01-ondo/blob/f3426e5b6b4561e09460b2e6471eb694efdd6c70/contracts/cash/CashManager.sol#L127Tools Used
Manual Review
Recommended Mitigation Steps
Consider setting
mintFee > 0when deploy the contract.