Omniscia DUA Audit
ETH_DUAToken Manual Review Findings
ETH-01M: Potentially Insufficient Blacklist Restriction
| Type | Severity | Location |
|---|---|---|
| Logical Fault | | ETH_DUAToken.sol:L147-L150 |
Description:
The DUAToken::_beforeTokenTransfer function is meant to prevent addresses holding the BLACKLISTED_ROLE from transferring tokens; however, the code still permits a blacklisted address to perform, for example, an ERC20::transferFrom call that moves tokens held by other addresses.
Impact:
As an example, the DUAToken administrators may wish to prevent an authorized contract from performing transactions (e.g. because it was compromised and the allowances set to it are at risk, like the recent SushiSwap incident). This is presently impossible, as the DUAToken::_beforeTokenTransfer function solely evaluates the from and to arguments and does not evaluate the caller (msg.sender).
Example:
```solidity
// ETH_DUAToken.sol, lines 143-150
/**
 * @dev See {ERC20-_beforeTokenTransfer}.
 * @dev Checks if (to and from) addresses are blacklisted and calls normal _beforeTokenTransfer.
 */
function _beforeTokenTransfer(address from, address to, uint256 amount) whenNotPaused internal virtual override(ERC20, ERC20Pausable) {
    require(!hasRole(BLACKLISTED_ROLE, from), "Token transfer refused. Sender is blacklisted.");
    require(!hasRole(BLACKLISTED_ROLE, to), "Token transfer refused. Receiver is blacklisted.");
}
```
Recommendation:
As a BLACKLISTED_ROLE address should not be able to perform transactions either directly from its own balance or indirectly from other people's balances, we advise the code to also ensure that the msg.sender does not have the BLACKLISTED_ROLE, thus preventing blacklisted users from performing any type of transfer in the DUAToken.
Alleviation:
The DUAToken::_beforeTokenTransfer function was updated to also validate that the msg.sender is not blacklisted, thus alleviating this exhibit in full.
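As an added illustration (not DUAToken source and not code from the audit), the minimal token below reproduces the hook logic with a constructor switch between the audited from/to-only check and the caller-aware check. The contract name, the blacklisted mapping (a stand-in for hasRole(BLACKLISTED_ROLE, account)), setBlacklisted and checkCaller are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not DUAToken source. `blacklisted` is a hypothetical stand-in
// for hasRole(BLACKLISTED_ROLE, account); `checkCaller` selects the audited
// hook (false) or the hook with the recommended msg.sender check (true).
contract BlacklistHookDemo {
    address public immutable admin;
    bool public immutable checkCaller;
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    mapping(address => bool) public blacklisted;

    constructor(uint256 supply, bool checkCaller_) {
        admin = msg.sender;
        checkCaller = checkCaller_;
        balanceOf[msg.sender] = supply;
    }

    function setBlacklisted(address account, bool status) external {
        require(msg.sender == admin, "Caller is not the admin.");
        blacklisted[account] = status;
    }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    // With checkCaller == false, a blacklisted spender that still holds an
    // allowance succeeds here, because only `from` and `to` are inspected.
    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        _beforeTokenTransfer(from, to);
        allowance[from][msg.sender] -= amount; // checked arithmetic reverts if the allowance is too small
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }

    function _beforeTokenTransfer(address from, address to) internal view {
        if (checkCaller) {
            // The additional check recommended by the finding.
            require(!blacklisted[msg.sender], "Token transfer refused. Caller is blacklisted.");
        }
        require(!blacklisted[from], "Token transfer refused. Sender is blacklisted.");
        require(!blacklisted[to], "Token transfer refused. Receiver is blacklisted.");
    }
}
```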
