code-423n4 / 2024-02-spectra-findings


Unrestricted Token Burning Functionality leading to Market Manipulation #11

Closed c4-bot-4 closed 8 months ago

c4-bot-4 commented 8 months ago

Lines of code

https://github.com/code-423n4/2024-02-spectra/blob/383202d0b84985122fe1ba53cfbbb68f18ba3986/src/tokens/YieldToken.sol#L58-L61

Vulnerability details

Impact

The burn() function in YieldToken.sol is used to burn (destroy) a certain amount of tokens held by the caller while also updating yield information associated with the token holder.

Since the burn() function is marked as public, anyone, including malicious actors, can call it. This public accessibility opens up the possibility for abuse and exploitation.

Proof of Concept

```solidity
    function burn(uint256 amount) public override {
        // Update the caller's yield accounting on the PrincipalToken, then burn
        // the requested amount from the caller's own balance.
        IPrincipalToken(pt).updateYield(msg.sender);
        _burn(msg.sender, amount);
    }
```
Market Manipulation:

Burning a significant portion of tokens could artificially inflate the value of the remaining tokens in circulation, creating a false sense of scarcity. This could lead to market manipulation tactics such as pump-and-dump schemes, where the malicious actor dumps their remaining tokens at inflated prices after manipulating the market.

Tools Used

Manual Review

Recommended Mitigation Steps

To mitigate these issues, token contracts often implement safeguards such as:

Assessed type

Access Control
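The quoted burn() takes msg.sender as the account whose yield is updated and whose balance is burned. The following is an added example, not Spectra's code and not part of the report above: a minimal token with a burn() of the same shape, a stub PrincipalToken, and a Foundry test that exercises what a caller can and cannot do with it. The IPrincipalToken interface, the OpenZeppelin ERC20 base, the test-only mint(), and the MockPrincipalToken/MinimalYieldToken names are assumptions made for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration (not the Spectra code base): a token whose burn() has the
// same shape as the quoted YieldToken.burn(), plus a Foundry test.
// Assumptions: IPrincipalToken.updateYield(address) exists with this signature,
// the token is OpenZeppelin-ERC20-based, and the mock contracts are ours.
import {Test} from "forge-std/Test.sol";
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";

interface IPrincipalToken {
    function updateYield(address user) external;
}

// Stub PrincipalToken: only records how often updateYield was called per user.
contract MockPrincipalToken is IPrincipalToken {
    mapping(address => uint256) public updates;

    function updateYield(address user) external {
        updates[user] += 1;
    }
}

contract MinimalYieldToken is ERC20 {
    address public immutable pt;

    constructor(address _pt) ERC20("Yield Token", "YT") {
        pt = _pt;
    }

    // Test-only mint, deliberately unrestricted so the test can seed balances.
    function mint(address to, uint256 amount) external {
        _mint(to, amount);
    }

    // Same shape as the quoted burn(): public, but it only ever touches
    // msg.sender's yield state and msg.sender's balance.
    function burn(uint256 amount) public {
        IPrincipalToken(pt).updateYield(msg.sender);
        _burn(msg.sender, amount);
    }
}

contract BurnScopeTest is Test {
    MockPrincipalToken pt;
    MinimalYieldToken yt;
    address alice = makeAddr("alice");
    address mallory = makeAddr("mallory");

    function setUp() public {
        pt = new MockPrincipalToken();
        yt = new MinimalYieldToken(address(pt));
        yt.mint(alice, 100e18);  // constructed balances for the test
        yt.mint(mallory, 10e18);
    }

    // Burning reduces only the caller's balance and total supply by that amount;
    // other holders' balances and yield state are untouched.
    function testBurnOnlyReducesCallerBalance() public {
        vm.prank(mallory);
        yt.burn(10e18);

        assertEq(yt.balanceOf(mallory), 0);
        assertEq(yt.balanceOf(alice), 100e18);
        assertEq(yt.totalSupply(), 100e18);
        assertEq(pt.updates(mallory), 1);
        assertEq(pt.updates(alice), 0);
    }

    // A caller cannot burn more than it holds: OpenZeppelin's _burn reverts.
    function testBurnBeyondBalanceReverts() public {
        vm.prank(mallory);
        vm.expectRevert();
        yt.burn(11e18);
    }
}
```

Run with `forge test --match-contract BurnScopeTest` in a Foundry project that has forge-std and OpenZeppelin installed. The two tests pin down the scope of a msg.sender-based burn: the only supply a caller can remove is supply it already owns.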

c4-pre-sort commented 8 months ago

gzeon-c4 marked the issue as duplicate of #114

c4-pre-sort commented 8 months ago

gzeon-c4 marked the issue as insufficient quality report

c4-judge commented 8 months ago

JustDravee marked the issue as unsatisfactory: Invalid