Omniscia Tangible Audit

USTB Manual Review Findings


UST-01M: Insecure Burning Operation

Description:

The USTB::burn function can be invoked by anyone with an arbitrary from argument. Because nothing ties from to msg.sender, every balance held by every account in the system is compromised: a malicious user can burn another holder's balance and receive the corresponding UNDERLYING tokens themselves.

Impact:

All funds held by the USTB contract are presently at risk due to an insecure burn mechanism.

Example:

src/USTB.sol
// No check that msg.sender == from or that msg.sender holds an allowance from `from`
function burn(address from, uint256 amount) external mainChain(true) {
    _burn(from, amount);
    IERC20(UNDERLYING).safeTransfer(msg.sender, amount);
}

Recommendation:

We advise the code to evaluate and consume the allowance that the from member has granted to msg.sender whenever the two differ, ensuring that the USTB::burn operation is securely performed.

Alleviation (3a0386718027f5d784cd2030ce58a9ed68ecc2eb):

The code now consumes the allowance that the from address has granted to msg.sender whenever the two differ, ensuring that burn operations are correctly authorized and that unauthorized parties cannot tap into the balances of other users.
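The following is an added, self-contained illustration of the finding and its alleviation; it is example code written for this page, not the audited USTB source or the commit referenced above. The contract names USTBBase, USTBInsecure and USTBHardened, the _payout and _spendAllowance helpers, and the 1:1 mint are assumptions made for the example; the audited contract's mainChain modifier and SafeERC20 wrapper are omitted so the example compiles without external dependencies.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface of the underlying asset that USTB pays out on burn.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Shared bookkeeping. USTBBase, _payout, _spendAllowance and the 1:1 mint are
// assumptions for this example, not the audited project's code.
abstract contract USTBBase {
    address public immutable UNDERLYING;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    event Transfer(address indexed from, address indexed to, uint256 value);
    event Approval(address indexed owner, address indexed spender, uint256 value);

    constructor(address underlying) {
        UNDERLYING = underlying;
    }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        emit Approval(msg.sender, spender, amount);
        return true;
    }

    // Deposit UNDERLYING (pre-approved to this contract) and issue USTB 1:1 (assumed ratio).
    function mint(address to, uint256 amount) external {
        require(IERC20(UNDERLYING).transferFrom(msg.sender, address(this), amount), "USTB: underlying pull failed");
        totalSupply += amount;
        balanceOf[to] += amount;
        emit Transfer(address(0), to, amount);
    }

    // Burn `amount` of `from`'s USTB; reverts if the balance is insufficient.
    function _burn(address from, uint256 amount) internal {
        uint256 bal = balanceOf[from];
        require(bal >= amount, "USTB: burn exceeds balance");
        unchecked { balanceOf[from] = bal - amount; } // safe: checked by the require above
        totalSupply -= amount;
        emit Transfer(from, address(0), amount);
    }

    // Pay the redeemed UNDERLYING to `to`, reverting on a false return value.
    function _payout(address to, uint256 amount) internal {
        require(IERC20(UNDERLYING).transfer(to, amount), "USTB: underlying transfer failed");
    }

    // Deduct `spender`'s allowance granted by `owner`; uint256.max means unlimited,
    // matching the convention of common ERC-20 implementations.
    function _spendAllowance(address owner, address spender, uint256 amount) internal {
        uint256 current = allowance[owner][spender];
        if (current != type(uint256).max) {
            require(current >= amount, "USTB: insufficient allowance");
            unchecked { allowance[owner][spender] = current - amount; } // safe: checked above
        }
    }
}

// Shape of the code as found (UST-01M): nothing ties `from` to the caller.
contract USTBInsecure is USTBBase {
    constructor(address underlying) USTBBase(underlying) {}

    function burn(address from, uint256 amount) external {
        _burn(from, amount);          // the victim's USTB is destroyed...
        _payout(msg.sender, amount);  // ...and the caller collects the UNDERLYING.
    }
}

// Shape of the alleviation: a caller burning on behalf of someone else must
// hold (and spend) an allowance that `from` explicitly granted to msg.sender.
contract USTBHardened is USTBBase {
    constructor(address underlying) USTBBase(underlying) {}

    function burn(address from, uint256 amount) external {
        if (from != msg.sender) {
            _spendAllowance(from, msg.sender, amount);
        }
        _burn(from, amount);
        _payout(msg.sender, amount);
    }
}
```

With USTBInsecure, if Alice holds 100 USTB, Mallory can call burn(alice, 100) from any account: Alice's balance drops to zero and the 100 UNDERLYING held by the contract are sent to Mallory. With USTBHardened the same call reverts with "USTB: insufficient allowance" unless Alice has first called approve(mallory, 100), and a successful third-party burn reduces that allowance so it cannot be reused. Burning one's own balance (from == msg.sender) needs no allowance in either version.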