Omniscia Tangible Audit
USTB Manual Review Findings
UST-01M: Insecure Burning Operation
| Type | Severity | Location |
|---|---|---|
| Logical Fault | | USTB.sol:L100-L103 |
Description:

The `USTB::burn` function can be invoked by anyone with any `from` member, effectively compromising all balances held by all accounts in the system, as any malicious user can simply burn the balance of another while acquiring the `UNDERLYING` tokens themselves.
Impact:

All funds held by the `USTB` contract are presently at risk due to an insecure burn mechanism.
Example:

src/USTB.sol

```solidity
function burn(address from, uint256 amount) external mainChain(true) {
    _burn(from, amount);
    IERC20(UNDERLYING).safeTransfer(msg.sender, amount);
}
```
Recommendation:

We advise the code to properly evaluate an allowance between the `from` member and the `msg.sender`, ensuring that the `USTB::burn` operation is securely performed.
Alleviation (3a0386718027f5d784cd2030ce58a9ed68ecc2eb):

The code properly consumes allowance from the `msg.sender` if the `from` address specified does not match them, ensuring that burn operations are correctly authorized and cannot tap into the balances of other users by unauthorized parties.
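As an added illustration (not code from the USTB repository or from the audit), the insecure pattern shown above next to the allowance-checked form the alleviation describes, assuming a hypothetical wrapper token built on OpenZeppelin's `ERC20` base; the `mainChain` modifier and cross-chain logic of the real contract are omitted:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical minimal wrapper token used only to illustrate UST-01M.
// It is NOT the USTB contract.
contract BurnAllowanceExample is ERC20 {
    using SafeERC20 for IERC20;

    address public immutable UNDERLYING;

    constructor(address underlying) ERC20("Example Wrapper", "EXW") {
        UNDERLYING = underlying;
    }

    // Assumed helper: mint wrapper tokens 1:1 against deposited underlying.
    function mint(uint256 amount) external {
        IERC20(UNDERLYING).safeTransferFrom(msg.sender, address(this), amount);
        _mint(msg.sender, amount);
    }

    // INSECURE pattern from the finding: any caller may burn any `from`
    // balance and receive the underlying tokens themselves.
    function burnInsecure(address from, uint256 amount) external {
        _burn(from, amount);
        IERC20(UNDERLYING).safeTransfer(msg.sender, amount);
    }

    // HARDENED pattern matching the alleviation: when `from` is not the
    // caller, the caller's ERC-20 allowance granted by `from` is consumed
    // first. OpenZeppelin's `_spendAllowance` reverts on insufficient
    // allowance and leaves an unlimited (type(uint256).max) allowance
    // untouched, mirroring the behaviour of `transferFrom`.
    function burn(address from, uint256 amount) external {
        if (from != msg.sender) {
            _spendAllowance(from, msg.sender, amount);
        }
        _burn(from, amount);
        IERC20(UNDERLYING).safeTransfer(msg.sender, amount);
    }
}
```

With the hardened `burn`, a call with `from` set to another account reverts unless that account has previously approved the caller for at least `amount`, which is the authorization check the finding asks for.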