code-423n4 / 2023-08-dopex-findings


[M-01] Role Confusion in Mint Function in `RdpxV2Bond` #2198

Closed code423n4 closed 10 months ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-08-dopex/blob/main/contracts/core/RdpxV2Bond.sol#L37-L39

Vulnerability details

Impact

The mint function in the RdpxV2Bond contract uses the MINTER_ROLE for role-based access control. This creates a potential conflict as the function is intended to be invoked from the RdpxV2Core contract, which is assigned the RDPXV2CORE_ROLE. The current implementation may not align with the intended access control scheme.

The mint function is called within the _issueBond function in the RdpxV2Core contract as follows:

```solidity
function _issueBond(
  address _to,
  uint256 _amount
) internal returns (uint256 bondId) {
  bondId = RdpxV2Bond(addresses.receiptTokenBonds).mint(_to);
  bonds[bondId] = Bond({
    amount: _amount,
    maturity: block.timestamp + bondMaturity,
    timestamp: block.timestamp
  });
}
```

Tools Used

Manual review

Recommended Mitigation Steps

To align the role-based access control with the intended functionality, consider implementing a custom access control modifier that allows either MINTER_ROLE or RDPXV2CORE_ROLE to invoke the mint function.

```solidity
modifier onlyMinterOrCore() {
  require(
    hasRole(MINTER_ROLE, msg.sender) || hasRole(RDPXV2CORE_ROLE, msg.sender),
    "Caller is not a minter or core"
  );
  _;
}

function mint(
  address to
) public onlyMinterOrCore returns (uint256 tokenId) {
  // Function body
}
```

Assessed type

Access Control

c4-pre-sort commented 11 months ago

bytes032 marked the issue as low quality report

bytes032 commented 11 months ago

Overinflated severity

The role can be granted later

c4-judge commented 11 months ago

GalloDaSballo changed the severity to QA (Quality Assurance)
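
Added example, not part of the original submission or the Dopex code base: a deployment-time check that the core contract actually holds `MINTER_ROLE` on the bond contract, which is the wiring the thread above turns on. `BondSketch`, `CoreSketch` and `RoleWiringCheck` are hypothetical stand-ins that model only the role gate, assuming OpenZeppelin `AccessControl` and a `mint` guarded by `onlyRole(MINTER_ROLE)`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import "@openzeppelin/contracts/access/AccessControl.sol";

// Hypothetical stand-in for RdpxV2Bond: only the role gate on mint() is modelled.
contract BondSketch is AccessControl {
    bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");
    uint256 private _nextId;

    event Minted(address indexed to, uint256 indexed tokenId);

    constructor() {
        // The deployer administers roles; nobody holds MINTER_ROLE yet.
        _grantRole(DEFAULT_ADMIN_ROLE, msg.sender);
    }

    function mint(address to) external onlyRole(MINTER_ROLE) returns (uint256 tokenId) {
        tokenId = _nextId++;
        emit Minted(to, tokenId);
    }
}

// Hypothetical stand-in for RdpxV2Core: forwards to mint() the way _issueBond does.
contract CoreSketch {
    BondSketch public immutable bond;

    constructor(BondSketch _bond) { bond = _bond; }

    function issueBond(address to) external returns (uint256) {
        return bond.mint(to); // msg.sender seen by the bond is this contract
    }
}

// Wiring check: issuing a bond reverts until the core is granted MINTER_ROLE.
contract RoleWiringCheck {
    function run() external returns (bool revertedBefore, uint256 idAfter) {
        BondSketch bond = new BondSketch(); // this contract becomes role admin
        CoreSketch core = new CoreSketch(bond);

        try core.issueBond(address(this)) returns (uint256) {
            revertedBefore = false;
        } catch {
            revertedBefore = true; // core does not hold MINTER_ROLE at this point
        }

        bond.grantRole(bond.MINTER_ROLE(), address(core));
        require(bond.hasRole(bond.MINTER_ROLE(), address(core)), "core not wired");
        idAfter = core.issueBond(address(this)); // passes the role gate after the grant
    }
}
```

The same `hasRole` assertion can be placed in a deployment script or fork test so that a missing grant is caught before bonding is enabled.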