Closed c4-bot-7 closed 6 months ago
0xRobocop marked the issue as insufficient quality report
Inconsequential: balanceOf has a few wei of fluctuation due to rounding, but the actual accounting (rOUSGToken.sharesOf(alice) + rOUSGToken.sharesOf(bob)) is consistent.
3docSec marked the issue as unsatisfactory: Insufficient proof
Lines of code
https://github.com/code-423n4/2024-03-ondo-finance/blob/main/contracts/ousg/rOUSG.sol#L501-L519
Vulnerability details
Impact
Users will increase their balances just by transferring funds. A malicious user can use this to have more balance with multiple EOAs that transfer rOUSG and shares in order to steal funds.
Proof of Concept
Alice mints some rOUSG, transfers an amount to Bob, and then transfers 1 share; it will increase the sum of both balances. Here is a test that proves that:
Just copy-paste it into the rOUSG.t.sol file and set up a fork environment.
Tools Used
Echidna
Recommended Mitigation Steps
I think the problem is that the system is too permissive about the sum of shares that you can transfer. I recommend having a minimum amount for transferring shares.
Assessed type
MEV
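Added illustration of the rounding the judge refers to; this is not code from the report or from the Ondo codebase. It assumes a stETH-style share formula (balance = shares * price // SCALE) with constructed small numbers, and shows that the sum of displayed balances can move by a wei under transfers while the share total and the balance of the pooled shares never change, so the "increase" the report observes is rounding recovery rather than new value.

```python
# Added model of share-based balance rounding. It ASSUMES a stETH-style formula
# balance = shares * price // SCALE with constructed small numbers; it is not
# the rOUSG contract's code and does not reproduce its constants.
PRICE = 105        # constructed: value of one share, in SCALE-ths of a wei
SCALE = 10_000     # constructed: fixed-point scale, so one share ~ 0.0105 wei


def balance_of(shares: int, price: int = PRICE) -> int:
    """Displayed balance: floor division drops the fractional wei."""
    return shares * price // SCALE


def transfer_shares(ledger: dict, sender: str, recipient: str, shares: int) -> None:
    """Move shares between holders; shares (not balances) are the ledger."""
    if ledger.get(sender, 0) < shares:
        raise ValueError("insufficient shares")
    ledger[sender] -= shares
    ledger[recipient] = ledger.get(recipient, 0) + shares


def snapshot(ledger: dict) -> dict:
    """Compare the sum of displayed balances with the pooled-share balance."""
    total_shares = sum(ledger.values())
    balances = {who: balance_of(s) for who, s in ledger.items()}
    pooled = balance_of(total_shares)
    balance_sum = sum(balances.values())
    return {
        "total_shares": total_shares,
        "balance_sum": balance_sum,
        "pooled_balance": pooled,
        "rounding_loss": pooled - balance_sum,  # always between 0 and holders-1
    }


def alice_bob_scenario() -> list:
    """Replays the transfer pattern the report describes and records each step."""
    ledger = {"alice": 12_345}                         # constructed starting position
    steps = [snapshot(ledger)]
    transfer_shares(ledger, "alice", "bob", 10_745)   # large transfer: sum drops 1 wei
    steps.append(snapshot(ledger))
    transfer_shares(ledger, "alice", "bob", 20)       # small follow-up: sum recovers it
    steps.append(snapshot(ledger))
    return steps


if __name__ == "__main__":
    for step in alice_bob_scenario():
        print(step)
```

The balance sum goes 129, 128, 129 across the three snapshots while total_shares stays 12,345 and the pooled balance stays 129, which is the invariant a test should assert on instead of balanceOf sums.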