Skip to content

Latest commit

 

History

History
41 lines (25 loc) · 1.06 KB

025.md

File metadata and controls

41 lines (25 loc) · 1.06 KB

cjm00n

high

missing access control in mintRebalancer()

Summary

The mintRebalancer() function in USSD.sol can be called by any user. Anyone can call the function to arbitrarily manipulate the total supply of USSD and the reserved USSD in USSD contract.

Vulnerability Detail

The mintRebalancer() function in USSD.sol can be called by any user

function mintRebalancer(uint256 amount) public override {
    _mint(address(this), amount);
}

Impact

Anyone can call the function to arbitrarily manipulate the total supply of USSD and the reserved USSD in USSD contract, which will affect the price of UUSD. So attacker can exploit this function to gain profit and destroy the exchange rate of USSD

Code Snippet

USSD.sol#L204

function mintRebalancer(uint256 amount) public override {
    _mint(address(this), amount);
}

Tool used

Manual Review

Recommendation

Add onlyBalancer modifier to the function