shealtielanz - The USSD contract doesn't have any mechanism for Redeeming.

[sherlock-admin]

shealtielanz

high

The USSD contract doesn't have any mechanism for Redeeming.

Line of code

Summary

The USSD Contract doesn't have the redeem function, which is responsible for providing a collateral for an equal amount of USSD.

Vulnerability Detail

The documentation of USSD(White-Paper) it explicity states that.

If there is positive DAI balance in the collateral, USSD contract can provide DAI for equal amount of USSD in return (that would be burned, contracting supply).
At any given time, USSD can be minted using DAI as collateral at 1-to-1 ratio, expanding total USSD supply.
Ability to mint and redeem USSD for DAI could serve as incentives to re- balance the coin when this is economically viable (covering the gas expenses). 

Although this was just a simple mistake that could be made by anyone, an expection of the redeem function was made, but the implemention of the mintForToken function was made in the USSD contract,

    function mintForToken(
        address token,
        uint256 tokenAmount,
        address to
    ) public returns (uint256 stableCoinAmount) {
        require(hasCollateralMint(token), "unsupported token");

        IERC20Upgradeable(token).safeTransferFrom(
            msg.sender,
            address(this),
            tokenAmount
        );
        stableCoinAmount = calculateMint(token, tokenAmount);
        _mint(to, stableCoinAmount);

        emit Mint(msg.sender, to, token, tokenAmount, stableCoinAmount);
    }

Impact

The reasons why there should be a redeem function, is all stated in the docs, below is a snippet of one.

These methods also could be used to help USSD recover in negative scenarios: if USSD value falls below 1 DAI and there are less than 1 DAI reserves per USSD to refill the reserves allowing the USSD to recover it's price by reducing supply (at the expense of the agent performing that).

The exemption of a redeem function has both economical and protocol based logic effects, as stated in the WhitePaper.

Code Snippet

Chapter 4 Link to the Docs
https://github.com/USSDofficial/ussd-contracts/blob/f44c726371f3152634bcf0a3e630802e39dec49c/contracts/USSD.sol#LL151C1-L167C6

Tool used

Manual Review.

Recommendation

The solution to this would be to create a mechanism for redeeming.

• A function to calculate the amount of ussd to burn for a collateral.
• A function to redeema token for USSD. A dummy for how theredeem function should look like.

    function redeemForUSSD(
        uint256 amount,
        address to
    ) public returns (uint256 collateral) {
        require(balance[msg.sender] > amount, "insufficient balance bro");
        collateral = calculateBurn(USSD, amount);
        _burn(address(this), amount);
      USSD.safeTransfer(
            to,
            amount
        );
        emit BURN(msg.sender, to, token, tokenAmount, stableCoinAmount);
    }

Remember this is a dummy and the redeemForUSSd and other functions it may call should be implemented correctly.

Duplicate of #958