Ondo Finance - Delvir0's results

Institutional-Grade Finance. On-Chain. For Everyone.

General Information

Platform: Code4rena

Start Date: 01/09/2023

Pot Size: $36,500 USDC

Total HM: 4

Participants: 70

Period: 6 days

Judge: kirk-baird

Id: 281

League: ETH

Ondo Finance

Findings Distribution

Researcher Performance

Rank: 15/70

Findings: 1

Award: $771.30

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: 0xAsen

Also found by: 0xStalin, Arz, BenRai, Delvir0, Inspecktor, merlin

Labels

bug
2 (Med Risk)
satisfactory
sufficient quality report
duplicate-136

Awards

771.2966 USDC - $771.30

External Links

Lines of code

https://github.com/code-423n4/2023-09-ondo/blob/47d34d6d4a5303af5f46e907ac2292e6a7745f6c/contracts/usdy/rUSDY.sol#L672-L683

Vulnerability details

Impact

The burn() function, callable only by the owner, burns rUSDY (shares) from any account. It calls _burnShares(), which runs the _beforeTokenTransfer() check to ensure that none of the parties to the action is a non-whitelisted or restricted user. When burn(address _account) is called, _account is eventually passed to _beforeTokenTransfer(address _account), where it is checked.

If _account is blacklisted, that check reverts, so the admin burn function is unusable for that account.

Proof of Concept

All provided above

Tools Used

Manual review

Recommended Mitigation Steps

When _burnShares() is reached via the admin burn function, skip the _beforeTokenTransfer() check.
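The call chain in the Impact section and the mitigation above, as a constructed Solidity sketch added here (this is not the rUSDY contract's own code; the role check, the blocklist and the share accounting are all simplified assumptions):

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

// Constructed model of the pattern in the finding, not the rUSDY source.
// It keeps only what is needed to show why an admin burn of a blocked
// account reverts, and one way to let the admin burn bypass the hook.
contract BurnRevertsOnBlocklist {
    address public immutable admin;
    mapping(address => uint256) public shares;
    mapping(address => bool) public blocked;

    error Blocked(address account);
    error NotAdmin();

    constructor() { admin = msg.sender; }

    modifier onlyAdmin() { if (msg.sender != admin) revert NotAdmin(); _; }

    function setBlocked(address a, bool b) external onlyAdmin { blocked[a] = b; }
    function mint(address to, uint256 amount) external onlyAdmin { shares[to] += amount; }

    // Compliance hook run on every share movement, including burns to address(0).
    function _beforeTokenTransfer(address from, address to) internal view {
        if (blocked[from]) revert Blocked(from);
        if (to != address(0) && blocked[to]) revert Blocked(to);
    }

    // Vulnerable path (the behaviour the finding describes): the hook still runs
    // for the admin caller, so burning a blocked account's shares always reverts.
    function burn(address account, uint256 amount) external onlyAdmin {
        _burnShares(account, amount, true);
    }

    // Hardened path: the admin burn skips the hook, because the hook exists to
    // stop the blocked user moving funds, not to stop the admin removing them.
    function adminBurn(address account, uint256 amount) external onlyAdmin {
        _burnShares(account, amount, false);
    }

    function _burnShares(address account, uint256 amount, bool runHook) internal {
        if (runHook) _beforeTokenTransfer(account, address(0));
        uint256 bal = shares[account];
        require(bal >= amount, "insufficient shares");
        shares[account] = bal - amount;
    }
}
```

With `setBlocked(user, true)` applied, `burn(user, x)` reverts with `Blocked(user)` while `adminBurn(user, x)` reduces the balance, which is the difference the finding is about.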

Assessed type

Token-Transfer

#0 - c4-pre-sort

2023-09-08T15:51:30Z

raymondfam marked the issue as duplicate of #120

#1 - c4-pre-sort

2023-09-08T15:51:35Z

raymondfam marked the issue as sufficient quality report

#2 - c4-judge

2023-09-19T09:16:15Z

kirk-baird marked the issue as satisfactory
