code-423n4 / 2023-11-kelp-findings


Burner can burn any amount of rsETH from an arbitrary address #279

Closed c4-submissions closed 11 months ago

c4-submissions commented 11 months ago

Lines of code

https://github.com/code-423n4/2023-11-kelp/blob/main/src/RSETH.sol#L47 https://github.com/code-423n4/2023-11-kelp/blob/main/src/RSETH.sol#L54

Vulnerability details

Impact

Burner can burn any amount of rsETH from an arbitrary address, and Minter can mint arbitrary rsETH to any account, which may break anything.

Proof of Concept

Although the bot report mentioned C-risk about the minter and burner, we want to bring up the concern that the burner role might not be a necessary feature that has the ability to burn tokens from anyone's account.

Tools Used

Manual, solodit (https://solodit.xyz/issues/m-03-minterburnerrole-can-burn-any-amount-of-yieldy-from-an-arbitrary-address-code4rena-yieldy-yieldy-contest-git)

Recommended Mitigation Steps

Recommend setting limitations on the burning target at least to avoid user loss. For example, only burn with allowance or burn self-balance.

Assessed type

Other
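The contrast the submission draws, shown as an added example that is not RSETH.sol or any Kelp code: a minimal role-gated token (the contract name, the `isMinter`/`isBurner` mappings and the function names are all assumptions made for illustration) with the unrestricted burner pattern the finding describes next to the two mitigations it recommends, an allowance-gated burn and a self-balance burn.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical illustration, not the project's RSETH contract: role handling
// is a simple stand-in for whatever access control the real token uses.
contract RoleGatedToken {
    string public constant name = "Example Token";
    string public constant symbol = "EXT";
    uint8 public constant decimals = 18;

    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    address public immutable admin;
    mapping(address => bool) public isMinter;
    mapping(address => bool) public isBurner;

    event Transfer(address indexed from, address indexed to, uint256 value);
    event Approval(address indexed owner, address indexed spender, uint256 value);

    error NotAuthorized();
    error InsufficientBalance();
    error InsufficientAllowance();

    constructor() {
        admin = msg.sender;
    }

    modifier onlyAdmin() { if (msg.sender != admin) revert NotAuthorized(); _; }
    modifier onlyMinter() { if (!isMinter[msg.sender]) revert NotAuthorized(); _; }
    modifier onlyBurner() { if (!isBurner[msg.sender]) revert NotAuthorized(); _; }

    function setMinter(address who, bool ok) external onlyAdmin { isMinter[who] = ok; }
    function setBurner(address who, bool ok) external onlyAdmin { isBurner[who] = ok; }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        emit Approval(msg.sender, spender, amount);
        return true;
    }

    function mint(address to, uint256 amount) external onlyMinter {
        totalSupply += amount;
        balanceOf[to] += amount;
        emit Transfer(address(0), to, amount);
    }

    // The pattern the finding flags: holding the burner role alone is enough
    // to remove tokens from any account, with no consent from its owner.
    function burnFromUnrestricted(address account, uint256 amount) external onlyBurner {
        _burn(account, amount);
    }

    // Mitigation 1: the caller still needs the burner role, but can only burn
    // up to the allowance the account owner explicitly granted it.
    function burnFromWithAllowance(address account, uint256 amount) external onlyBurner {
        uint256 allowed = allowance[account][msg.sender];
        if (allowed < amount) revert InsufficientAllowance();
        allowance[account][msg.sender] = allowed - amount;
        _burn(account, amount);
    }

    // Mitigation 2: a burner may only destroy tokens it holds itself.
    function burnSelf(uint256 amount) external onlyBurner {
        _burn(msg.sender, amount);
    }

    function _burn(address account, uint256 amount) internal {
        uint256 bal = balanceOf[account];
        if (bal < amount) revert InsufficientBalance();
        balanceOf[account] = bal - amount;
        totalSupply -= amount;
        emit Transfer(account, address(0), amount);
    }
}
```

In a review, `burnFromUnrestricted` is the shape to look for: a privileged role plus an arbitrary `account` parameter and no allowance or `msg.sender` check. Either constrained variant keeps the role but ties the burn to something the affected holder controls, which is the limitation the submission asks for.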

c4-pre-sort commented 11 months ago

raymondfam marked the issue as insufficient quality report

c4-pre-sort commented 11 months ago

raymondfam marked the issue as duplicate of #126

c4-judge commented 10 months ago

fatherGoose1 marked the issue as unsatisfactory: Invalid