Missing access control

Summary

Anyone can mint and burn tokens by calling mintRebalancer() and burnRebalancer()

Vulnerability Detail

In USSD.sol there are several functions which must be called exclusively by rebalancer . mintRebalancer() and burnRebalancer() are 2 of these functions. The issue is that there is no check if msg.sender is rebalancer(as implemented in the onlyBalancer modifier).

Impact

Anyone can mint and burn tokens.

Code Snippet

https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/USSD.sol#L204-L210

    function mintRebalancer(uint256 amount) public override {
        _mint(address(this), amount);
    }

    function burnRebalancer(uint256 amount) public override {
        _burn(address(this), amount);
    }

Tool used

Manual Review

Recommendation

Add onlyBalancer modifier to mintRebalancer() and burnRebalancer() functions.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

050.md

050.md

Missing access control

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

Files

050.md

Latest commit

History

050.md

File metadata and controls

Missing access control

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation