Skip to content

Latest commit

 

History

History
44 lines (31 loc) · 1.36 KB

001.md

File metadata and controls

44 lines (31 loc) · 1.36 KB

ver0759

high

Tokens can be issued infinitely

Summary

The mintRebalancer(uint256 amount) function can be called by everyone, which will lead to unlimited issuance of UUSD without any collateral.

Vulnerability Detail

In the USSD.sol file, the mintRebalancer(uint256 amount) function can be called by anyone:

function mintRebalancer(uint256 amount) public override {
    _mint(address(this), amount);
}

It will cause unlimited issuance of tokens and malicious price manipulation.

For example, if an attacker called the mintRebalancer(uint256 amount) with a large amount before the rebalance() function(In USSDRebalancer.sol), then it will affect the price in the uniswap pool, there are a lot of UUSD and almost 0 DAI in the pool. And the attacker can use a little DAI to swap a lot of UUSD.

Impact

Unlimited issuance of tokens and malicious price manipulation.

Code Snippet

https://github.com/USSDofficial/ussd-contracts/blob/f44c726371f3152634bcf0a3e630802e39dec49c/contracts/USSD.sol#L204-L206

Tool used

Manual Review

Recommendation

Add onlyBalancer modifier to mintRebalancer(uint256 amount) function:

modifier onlyBalancer() {
    require(msg.sender == address(rebalancer), "bal");
    _;
}
function mintRebalancer(uint256 amount) public override onlyBalancer {
    _mint(address(this), amount);
}