sherlock-audit / 2024-02-telcoin-platform-audit-update-judging

3 stars 1 forks source link

turvec - Stablecoin currency can still be used by blacklisted users #86

Closed sherlock-admin2 closed 7 months ago

sherlock-admin2 commented 7 months ago

turvec

high

Stablecoin currency can still be used by blacklisted users

Summary

Stablecoin currency can still be used by blacklisted users

Vulnerability Detail

Protocol stablecoin intends to include blacklisting to prevent the currency from being used for illicit or nefarious activities. It has a functionality to add an address to the list of blacklisted users and transfer any amount it had in that moment while doing so. However, doesn't actually check addresses against this blacklisted list in any of the transfer functionalities of the currency.

Impact

Stablecoin currency can still be used by blacklisted users for illicit or nefarious activities.

Code Snippet

https://github.com/sherlock-audit/2024-02-telcoin-platform-audit-update/blob/main/telcoin-contracts/contracts/util/abstract/Blacklist.sol#L62

Tool used

Manual Review

Recommendation

Make use of the blacklisted function, and override the beforeTransfer and check this on the addresses https://github.com/sherlock-audit/2024-02-telcoin-platform-audit-update/blob/main/telcoin-contracts/contracts/util/abstract/Blacklist.sol#L62

Duplicate of #4

sherlock-admin3 commented 7 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

valid; high(1)