search

sherlock-audit / 2024-02-telcoin-platform-audit-update-judging

3 stars 1 forks source link

Tendency - StableCoin BlackListing Feature is Ineffective #71

Closed sherlock-admin4 closed 8 months ago

sherlock-admin4 commented 8 months ago

Tendency

medium

StableCoin BlackListing Feature is Ineffective

Summary

Contrary to the expected behaviour, blacklisted users can still receive, hold and send tokens

Vulnerability Detail

The contract has a blacklist feature that allows the address with the BLACKLISTER_ROLE to blacklist users. Once a user is blacklisted all of the user token holdings are sent to the blacklister.

The problem here is, assuming Bob is blacklisted, it is expected that Bob should no longer be able to:

Bob is expected to be blocked from having any interaction with this token, but it is all currently allowed, no restriction stops a blacklisted address from performing any of the above-mentioned actions and more

Impact

Supposed blacklisted users can continue carrying out illicit activities

Code Snippet

https://github.com/sherlock-audit/2024-02-telcoin-platform-audit-update/blob/21920190e0772afa18e7f856a036fea3ef5b9635/telcoin-contracts/contracts/util/abstract/Blacklist.sol#L72-L79

Tool used

Manual Review

Recommendation

Restrict blacklisted users from having any interaction with the stablecoin

Duplicate of #4

sherlock-admin2 commented 8 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

valid; high(1)