The burn function can be called by any address, allowing any address to burn tokens from any account contradicting the comment that states: " * @dev Burn is expected to be called by the Vault.". This can lead to unauthorized token burning, resulting in an unintended reduction of the token supply and potential loss of user funds.
Vulnerability Detail
Missing access control for burn function.
Impact
Any address can burn tokens leading to potential loss of user funds.
newt
medium
Unrestricted Access to
burnFunctionSummary
The
burnfunction can be called by any address, allowing any address to burn tokens from any account contradicting the comment that states: " * @dev Burn is expected to be called by the Vault.". This can lead to unauthorized token burning, resulting in an unintended reduction of the token supply and potential loss of user funds.Vulnerability Detail
Missing access control for
burnfunction.Impact
Any address can burn tokens leading to potential loss of user funds.
Code Snippet
function burn(address _from, uint96 _amount) external { _transferBalance(msg.sender, _from, address(0), _amount); }
https://github.com/sherlock-audit/2024-05-pooltogether/blob/main/pt-v5-twab-controller/src/TwabController.sol#L499-L501
Tool used
Manual Review
Recommendation
add a onlyVault modifier
Duplicate of #102