search

code-423n4 / 2023-01-ondo-findings

0 stars 0 forks source link

MintLimit can be changed before the epoch ends #345

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-01-ondo/blob/f3426e5b6b4561e09460b2e6471eb694efdd6c70/contracts/cash/CashManager.sol#L596

Vulnerability details

Impact

mintlimit can be lower than the usual mint limit, resulting in accounting error. Admin can change mint limit halfway and users cannot mint suddenly.

Proof of Concept

The adming controls the setMintLimit() and _mintLimit can be smaller than the oldMintLimit. Also, _mintLimit can be set to zero

  function setMintLimit(uint256 _mintLimit) external onlyRole(MANAGER_ADMIN) {
    uint256 oldMintLimit = mintLimit;
    mintLimit = _mintLimit;
    emit MintLimitSet(oldMintLimit, _mintLimit);
  }

Tools Used

Manual Review

Recommended Mitigation Steps

Make sure the mint limit cannot be set lower in the current epoch. Also, check for zero value.

c4-judge commented 1 year ago

Duplicate of https://github.com/code-423n4/2023-01-ondo-findings/issues/366

c4-judge commented 1 year ago

trust1995 marked the issue as grade-b