hats-finance / Euro-Dollar-0xa4ccd3b6daa763f729ad59eae75f9cbff7baf2cd

Audit competition repository for Euro-Dollar (0xa4ccd3b6daa763f729ad59eae75f9cbff7baf2cd)
https://hats.finance
MIT License

Centralization risk allows to burn / steal tokens from anyone #23

Open hats-bug-reporter[bot] opened 2 weeks ago

hats-bug-reporter[bot] commented 2 weeks ago

Github username: --
Twitter username: --
Submission hash (on-chain): 0x6fae2ca3c91878d5d2a921355875b844e18bcd0f6bb19038a932bb995518a03f
Severity: medium

Description: src/InvestToken.sol::recover allows burning / stealing tokens from an arbitrary address and minting the burned amount to an arbitrary address.

Attack Scenario: src/InvestToken.sol::recover allows burning / stealing tokens from an arbitrary address and minting the burned amount to an arbitrary address, so a user can lose all of his investment if a user with the RESCUER_ROLE decides to use this method with his address as the from parameter.

    function recover(address from, address to, uint256 amount) public onlyRole(RESCUER_ROLE) returns (bool) {
        _burn(from, amount);
        _mint(to, amount);

        emit Recovered(from, to, amount);

        return true;
    }

Attachments

  1. Proof of Concept (PoC) File

  2. Revised Code File (Optional)

AndreiMVP commented 2 weeks ago

We'll assume RESCUER_ROLE is trusted. This is a similar function to what other stablecoins have for compliance reasons.
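For readers weighing the two positions above, the following is an added illustration (not code from the Euro-Dollar repository or from either commenter) of how a compliance-style `recover` can be constrained so that a single RESCUER_ROLE key cannot move an arbitrary holder's balance in one step: the source account must first be frozen by a separate FREEZER_ROLE, and frozen accounts cannot transfer out in the meantime. It assumes OpenZeppelin Contracts v5 (`ERC20._update`, `AccessControl`); the contract name, the FREEZER_ROLE, the `frozen` mapping and the Frozen/Unfrozen events are constructed for the example, while RESCUER_ROLE and the `Recovered(from, to, amount)` event match the issue text.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumption: OpenZeppelin Contracts v5 layout and the v5 ERC20._update hook.
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";

/// Illustrative token (not the audited InvestToken) whose recover() is gated
/// behind a freeze step performed by a different role.
contract ConstrainedRecoverToken is ERC20, AccessControl {
    bytes32 public constant RESCUER_ROLE = keccak256("RESCUER_ROLE");
    // FREEZER_ROLE is an assumed second role, not present on the page.
    bytes32 public constant FREEZER_ROLE = keccak256("FREEZER_ROLE");

    mapping(address => bool) public frozen;

    event Frozen(address indexed account);
    event Unfrozen(address indexed account);
    event Recovered(address indexed from, address indexed to, uint256 amount);

    constructor(address admin) ERC20("Constrained Recover Token", "CRT") {
        // In practice `admin` would be a multisig or timelock, so that role
        // grants and rescues leave an on-chain, reviewable trail.
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
    }

    /// Step 1 (FREEZER_ROLE): mark the account under review.
    function freeze(address account) external onlyRole(FREEZER_ROLE) {
        frozen[account] = true;
        emit Frozen(account);
    }

    function unfreeze(address account) external onlyRole(FREEZER_ROLE) {
        frozen[account] = false;
        emit Unfrozen(account);
    }

    /// Step 2 (RESCUER_ROLE): move the balance only if step 1 happened.
    /// Two distinct roles must cooperate, and both steps emit events that
    /// monitoring can alert on, unlike a single unconditional burn+mint.
    function recover(address from, address to, uint256 amount)
        external
        onlyRole(RESCUER_ROLE)
        returns (bool)
    {
        require(frozen[from], "recover: account not frozen");
        require(to != address(0), "recover: zero recipient");

        _burn(from, amount);
        _mint(to, amount);

        emit Recovered(from, to, amount);
        return true;
    }

    /// Frozen accounts cannot transfer out while under review. Burns
    /// (to == address(0)) are still allowed so that recover() can complete;
    /// the base ERC20 exposes no public burn, so only recover() reaches here
    /// with a frozen sender.
    function _update(address from, address to, uint256 value) internal override {
        require(!frozen[from] || to == address(0), "transfer: sender frozen");
        super._update(from, to, value);
    }
}
```

The trade-off is explicit: the team still holds privileged power over user balances (the point the maintainer accepts), but exercising it requires two role holders, two transactions and two events, which narrows the blast radius of a single compromised RESCUER_ROLE key and gives holders and indexers a signal before funds move.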