The mint function in the RdpxV2Bond contract uses the MINTER_ROLE for role-based access control. This creates a potential conflict as the function is intended to be invoked from the RdpxV2Core contract, which is assigned the RDPXV2CORE_ROLE. The current implementation may not align with the intended access control scheme.
The mint function is called within the _issueBond function in the RdpxV2Core contract as follows:
To align the role-based access control with the intended functionality, consider implementing a custom access control modifier that allows either MINTER_ROLE or RDPXV2CORE_ROLE to invoke the mint function.
modifier onlyMinterOrCore() {
require(hasRole(MINTER_ROLE, msg.sender) || hasRole(RDPXV2CORE_ROLE, msg.sender), "Caller is not a minter or core");
_;
}
function mint(
address to
) public onlyMinterOrCore returns (uint256 tokenId) {
// Function body
}
Lines of code
https://github.com/code-423n4/2023-08-dopex/blob/main/contracts/core/RdpxV2Bond.sol#L37-L39
Vulnerability details
Impact
The
mint
function in theRdpxV2Bond
contract uses theMINTER_ROLE
for role-based access control. This creates a potential conflict as the function is intended to be invoked from theRdpxV2Core
contract, which is assigned theRDPXV2CORE_ROLE
. The current implementation may not align with the intended access control scheme.The
mint
function is called within the_issueBond
function in theRdpxV2Core
contract as follows:Tools Used
Manual review
Recommended Mitigation Steps
To align the role-based access control with the intended functionality, consider implementing a custom access control modifier that allows either
MINTER_ROLE
orRDPXV2CORE_ROLE
to invoke the mint function.Assessed type
Access Control