New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
User can burn their tokens outside of redeem #309
Labels
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
grade-b
Q-34
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
Comments
code423n4
added
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
labels
Dec 12, 2022
Downgrading to QA as the same thing can happen if someone transfers |
c4-judge
added
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
downgraded by judge
Judge downgraded the risk level of this issue
and removed
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
labels
Dec 17, 2022
c4-judge
added a commit
that referenced
this issue
Dec 17, 2022
Picodes changed the severity to QA (Quality Assurance) |
This was referenced Dec 17, 2022
Picodes marked the issue as grade-b |
c4-sponsor
added
the
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
label
Dec 22, 2022
davidprepo marked the issue as sponsor disputed |
If a user wants to cast their tokens into the void, that's their prerogative |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
grade-b
Q-34
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
Lines of code
https://github.com/OpenZeppelin/openzeppelin-contracts/blob/3d7a93876a2e5e1d7fe29b5a0e96e222afdc4cfa/contracts/token/ERC20/extensions/ERC20Burnable.sol#L20-L22
Vulnerability details
Impact
User can burn their tokens outside of the redeem function and trap collateral
Proof of Concept
LongShortToken inherits from OZ's ERC20Burnable. This contains a method that allows users to burn their own tokens. Token burned like this won't be able to claim the underlying collateral in the contract and will leave it trapped there permanently.
Tools Used
Manual Review
Recommended Mitigation Steps
In LongShortToken, override the burn methods to only allow the PrePOMarket to burn tokens:
The text was updated successfully, but these errors were encountered: