we can profit from manipulating ussd token supply and by sandwiching the balance function might be a mix of the bugs off the top.
also, comments say this but we can manipulate the total supply and arbitrage
Vulnerability Detail
Since anyone can call mint and burn on token balance we can increase the collateral factor or sell to much ussd because it thinks the pool total supply Of USSD is to much when in reality the 2 values of totalSupply are out of sync.
Impact
never sell too much USSD for DAI so it 'overshoots' (becomes more in quantity than DAI on the pool)
if (uniPool.token0() == USSD) {
daibought = IERC20Upgradeable(baseAsset).balanceOf(USSD);
IUSSD(USSD).UniV3SwapInput(bytes.concat(abi.encodePacked(uniPool.token0(), hex"0001f4", uniPool.token1())), amount);
daibought = IERC20Upgradeable(baseAsset).balanceOf(USSD) - daibought; // would revert if not bought
} else {
daibought = IERC20Upgradeable(baseAsset).balanceOf(USSD);
IUSSD(USSD).UniV3SwapInput(bytes.concat(abi.encodePacked(uniPool.token1(), hex"0001f4", uniPool.token0())), amount);
daibought = IERC20Upgradeable(baseAsset).balanceOf(USSD) - daibought; // would revert if not bought
simon135
high
We can profit from public and burn mint function
Summary
we can profit from manipulating ussd token supply and by sandwiching the balance function might be a mix of the bugs off the top. also, comments say this but we can manipulate the total supply and arbitrage
Vulnerability Detail
Since anyone can call mint and burn on token balance we can increase the collateral factor or sell to much ussd because it thinks the pool total supply Of USSD is to much when in reality the 2 values of totalSupply are out of sync.
Impact
Code Snippet
Tool used
Manual Review
Recommendation
Duplicate of #777