saidam017
high
mintRebalancer() and burnRebalancer() are missing onlyBalancer modifier, make it callable by anyone.
mintRebalancer() and burnRebalancer() are crucial functions, used by USSDRebalancer inside rebalancing process that eventually will impact USSD price. However, currently the function is callable by anyone, malicious user can arbitrary mint and burn USSD amount to the USSD contract.
https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/USSD.sol#L204-L210
// missing `onlyBalancer` modifier
function mintRebalancer(uint256 amount) public override {
_mint(address(this), amount);
}
// missing `onlyBalancer` modifier
function burnRebalancer(uint256 amount) public override {
_burn(address(this), amount);
}https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/USSD.sol#L212-L215
// modifier is defined, but not used
modifier onlyBalancer() {
require(msg.sender == address(rebalancer), "bal");
_;
}Malicious user can call these functions, trigger rebalance, impacting the price and make favorable trade.
https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/USSD.sol#L204-L210
Manual Review
Implement the modifier inside mintRebalancer() and burnRebalancer() :
// missing `onlyBalancer` modifier
function mintRebalancer(uint256 amount) public override onlyBalancer {
_mint(address(this), amount);
}
// missing `onlyBalancer` modifier
function burnRebalancer(uint256 amount) public override onlyBalancer {
_burn(address(this), amount);
}