code-423n4 / 2024-01-salty-findings


Lack of access control for USDS.mintTo(), USDS.burnTokensInContract() #668

Closed c4-bot-5 closed 9 months ago

c4-bot-5 commented 9 months ago

Lines of code

https://github.com/code-423n4/2024-01-salty/blob/53516c2cdfdfacb662cdea6417c52f23c94d5b5b/src/stable/USDS.sol#L40

https://github.com/code-423n4/2024-01-salty/blob/53516c2cdfdfacb662cdea6417c52f23c94d5b5b/src/stable/USDS.sol#L53

https://github.com/code-423n4/2024-01-salty/blob/53516c2cdfdfacb662cdea6417c52f23c94d5b5b/src/stable/Liquidizer.sol#L92

https://github.com/code-423n4/2024-01-salty/blob/53516c2cdfdfacb662cdea6417c52f23c94d5b5b/src/stable/CollateralAndLiquidity.sol#L95

Vulnerability details

Impact: An attacker can mint and burn without any access control.

Proof of Concept

We can find the following logic process: Liquidizer._burnUSDS --> USDS.burnTokensInContract, CollateralAndLiquidity.borrowUSDS --> USDS.mintTo

But there is no access control for the mint and burn process.

Tools Used

VS Code, Foundry

Recommended Mitigation Steps

We can define some role which has access control for the mint and burn functions of USDS.

Assessed type

Access Control

c4-judge commented 9 months ago

Picodes marked the issue as unsatisfactory: Invalid