The burn function can be called by any address, allowing any address to burn tokens from any account contradicting the comment that states: " * @dev Burn is expected to be called by the Vault.". This can lead to unauthorized token burning, resulting in an unintended reduction of the token supply and potential loss of user funds.
Vulnerability Detail
Missing access control for burn function.
Impact
Any address can burn tokens leading to potential loss of user funds.
newt
medium
Unrestricted Access to
burn
FunctionSummary
The
burn
function can be called by any address, allowing any address to burn tokens from any account contradicting the comment that states: " * @dev Burn is expected to be called by the Vault.". This can lead to unauthorized token burning, resulting in an unintended reduction of the token supply and potential loss of user funds.Vulnerability Detail
Missing access control for
burn
function.Impact
Any address can burn tokens leading to potential loss of user funds.
Code Snippet
function burn(address _from, uint96 _amount) external { _transferBalance(msg.sender, _from, address(0), _amount); }
https://github.com/sherlock-audit/2024-05-pooltogether/blob/main/pt-v5-twab-controller/src/TwabController.sol#L499-L501
Tool used
Manual Review
Recommendation
add a onlyVault modifier
Duplicate of #102