Impact:
An attacker can burn tokens without any access control.
Proof of Concept
The following call paths reach the burn function:
Liquidizer.performUpkeep ---> salt.burnTokensInContract()
Staking.recoverSALT ---> salt.burnTokensInContract()
But there is no access control on the burn process.
Tools Used
VS Code, Foundry
Recommended Mitigation Steps
We can define a role that controls access to the burnTokensInContract function of Salt.
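A sketch of the recommended role check, added here as an example; it is not the project's Salt.sol. It assumes OpenZeppelin's ERC20 and AccessControl, that the function burns the token contract's own balance, and that Liquidizer and Staking are the only intended callers. The contract name, BURNER_ROLE, the event, the constructor parameters and the supply figure are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import "@openzeppelin/contracts/access/AccessControl.sol";

// Illustrative only: a role-gated variant of a token exposing burnTokensInContract().
contract RoleGatedSalt is ERC20, AccessControl {
    // Hypothetical role held by the contracts allowed to trigger a burn.
    bytes32 public constant BURNER_ROLE = keccak256("BURNER_ROLE");

    // Hypothetical event so burns can be monitored off-chain.
    event TokensBurned(address indexed caller, uint256 amount);

    constructor(address admin, address liquidizer, address staking)
        ERC20("Salt", "SALT")
    {
        require(
            admin != address(0) && liquidizer != address(0) && staking != address(0),
            "zero address"
        );
        // The admin can grant or revoke BURNER_ROLE later (e.g. on contract upgrades).
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
        // Only the two call paths named in the finding receive the burner role.
        _grantRole(BURNER_ROLE, liquidizer);
        _grantRole(BURNER_ROLE, staking);
        // Constructed supply figure for the example.
        _mint(admin, 100_000_000 ether);
    }

    // Assumed behaviour: burn whatever balance the token contract itself holds.
    // Callers without BURNER_ROLE revert inside onlyRole.
    function burnTokensInContract() external onlyRole(BURNER_ROLE) {
        uint256 balance = balanceOf(address(this));
        _burn(address(this), balance);
        emit TokensBurned(msg.sender, balance);
    }
}
```

A Foundry test for this sketch would call burnTokensInContract() from an address without the role and expect a revert, then call it from the liquidizer address and expect the contract's balance to drop to zero.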
Lines of code
https://github.com/code-423n4/2024-01-salty/blob/53516c2cdfdfacb662cdea6417c52f23c94d5b5b/src/Salt.sol#L25
https://github.com/code-423n4/2024-01-salty/blob/53516c2cdfdfacb662cdea6417c52f23c94d5b5b/src/stable/Liquidizer.sol#L132
https://github.com/code-423n4/2024-01-salty/blob/53516c2cdfdfacb662cdea6417c52f23c94d5b5b/src/staking/Staking.sol#L101
Assessed type
Access Control