Anyone can mint/burn `USSD` tokens

Summary

There are no restrictions on minting and burning tokens. An attacker can manipulate the collateral factor by minting an and burning arbitrary amounts of USSD tokens.

Vulnerability Detail

The functions mintRebalancer(uint256 amount) and burnRebalancer(uint256 amount) can be called by anyone, anytime with any amount passed.

Impact

Manipulating collateral factor and depegging USSD.

Code Snippet

https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/USSD.sol#L204-L206 https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/USSD.sol#L208-L210

Tool used

Manual Review

Recommendation

Add onlyBalancer modifier to ensure it can only be called by the Rebalancer contract.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

084.md

084.md

Anyone can mint/burn `USSD` tokens

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

Files

084.md

Latest commit

History

084.md

File metadata and controls

Anyone can mint/burn USSD tokens

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

Anyone can mint/burn `USSD` tokens