The permit signatures in DEToken.sol, DebtToken.sol and RToken.sol offer the signer the option to create an EIP-712 signature which can be used for seamless approvals. The signature nonce is handled through the _useNonce function.
Once a signature is issued, the signer has no means to manually invalidate it, other than executing a transaction associated with a signature (which will increment the nonce through the _useNonce function). This can lead to issues in cases where the signature holder is compromised, the signer has made a mistake, or they simply wish to invalidate an existing signature, as there are no means available for the signer to revoke the signature.
Introduce an external function such as IncreaseNonce that calls _useNonce on behalf of msg.sender.
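One way to implement this recommendation, shown as an added example rather than code from the audited contracts. It assumes the tokens inherit OpenZeppelin's ERC20Permit (v5), where _useNonce is an internal function; the contract name, event, token name and symbol are hypothetical, and the function is spelled increaseNonce to follow Solidity naming conventions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {ERC20Permit} from "@openzeppelin/contracts/token/ERC20/extensions/ERC20Permit.sol";

// Hypothetical token used only to illustrate the mitigation.
contract RevocablePermitToken is ERC20, ERC20Permit {
    // Emitted so off-chain holders of a signature can see it was revoked.
    event NonceIncreased(address indexed owner, uint256 consumedNonce);

    constructor() ERC20("Example", "EX") ERC20Permit("Example") {}

    /// @notice Invalidates every outstanding permit signature of the caller.
    /// @dev A permit digest commits to the owner's current nonce. Consuming
    ///      that nonce here means any signature built on it no longer
    ///      recovers to the owner, so permit() reverts when it is submitted.
    ///      Only msg.sender's nonce is touched, so nobody can revoke or
    ///      grief another account's signatures.
    function increaseNonce() external returns (uint256 consumed) {
        consumed = _useNonce(msg.sender);
        emit NonceIncreased(msg.sender, consumed);
    }
}
```

Because the nonce is sequential, one call revokes all signatures the caller has issued against the current nonce, not a single chosen one.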
RToken.sol holds the setMinter and setBurner functions, which allow the owner to set the minter and burner.
However, the mint and burn functionalities can only be called by the reserve pool, making the minter and burner roles redundant.
Remove the functionalities, or allow the reserve pool as the minter and burner and update the access controls on the mint and burn functions to allow minters and burners.