Ondo Finance - Omik's results

Institutional-Grade Finance, Now Onchain.

General Information

Platform: Code4rena

Start Date: 29/03/2024

Pot Size: $36,500 USDC

Total HM: 5

Participants: 72

Period: 5 days

Judge: 3docSec

Total Solo HM: 1

Id: 357

League: ETH

Ondo Finance

Findings Distribution

Researcher Performance

Rank: 51/72

Findings: 1

Award: $8.28

🌟 Selected for report: 0

🚀 Solo Findings: 0

Lines of code

https://github.com/code-423n4/2024-03-ondo-finance/blob/main/contracts/ousg/ousgInstantManager.sol#L319

Vulnerability details

Impact

The OUSGInstantManager allows KYC'ed users to mint OUSG by providing USDC. The provided USDC is transferred to the usdcReceiver, and in exchange the KYC'ed user is minted OUSG according to the price data.

The USDC contract on Ethereum (https://etherscan.io/token/0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48#writeProxyContract) has blacklist functionality that prevents a blacklisted address from transferring funds (both out and in).

Since the usdcReceiver receives USDC from the user, it is important to make this address mutable and to add a function, callable only by the DEFAULT_ADMIN_ROLE, that changes the usdcReceiver address. If the usdcReceiver is ever blacklisted by the USDC contract, KYC'ed users will no longer be able to mint OUSG with USDC.
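The following sketch is an added illustration of the suggested mitigation and is not the OUSGInstantManager source: a manager that fixes the receiver at deployment is shown beside one that lets DEFAULT_ADMIN_ROLE rotate it. Contract names, the constructor shape and the mint() body are assumptions; only usdcReceiver and DEFAULT_ADMIN_ROLE come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Illustrative sketch only, not the OUSGInstantManager source.
// Weak pattern: the receiver is fixed at deployment. If USDC blacklists it, every
// transferFrom into it reverts and minting is bricked with no recovery path.
contract ReceiverFixed {
    using SafeERC20 for IERC20;
    IERC20 public immutable usdc;
    address public immutable usdcReceiver;
    constructor(IERC20 _usdc, address _receiver) {
        usdc = _usdc;
        usdcReceiver = _receiver;
    }
    function mint(uint256 usdcAmountIn) external {
        // Reverts permanently once usdcReceiver is blacklisted by the USDC contract.
        usdc.safeTransferFrom(msg.sender, usdcReceiver, usdcAmountIn);
        // price lookup and OUSG mint would follow here (omitted)
    }
}

// Hardened pattern: the receiver is mutable, changeable only by DEFAULT_ADMIN_ROLE,
// rejected if zero, and every rotation is logged so monitoring can alert on it.
contract ReceiverMutable is AccessControl {
    using SafeERC20 for IERC20;
    IERC20 public immutable usdc;
    address public usdcReceiver;
    event UsdcReceiverSet(address indexed oldReceiver, address indexed newReceiver);
    constructor(IERC20 _usdc, address _receiver, address admin) {
        require(_receiver != address(0), "receiver is zero");
        usdc = _usdc;
        usdcReceiver = _receiver;
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
    }
    function setUsdcReceiver(address newReceiver) external onlyRole(DEFAULT_ADMIN_ROLE) {
        require(newReceiver != address(0), "receiver is zero");
        emit UsdcReceiverSet(usdcReceiver, newReceiver);
        usdcReceiver = newReceiver;
    }
    function mint(uint256 usdcAmountIn) external {
        // If the receiver is blacklisted, the admin rotates it and minting resumes.
        usdc.safeTransferFrom(msg.sender, usdcReceiver, usdcAmountIn);
    }
}
```

The emitted UsdcReceiverSet event is what a monitoring rule should key on, since a receiver change is a privileged action worth alerting on in its own right.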

Proof of Concept

https://github.com/code-423n4/2024-03-ondo-finance/blob/main/contracts/ousg/ousgInstantManager.sol#L319

Tools Used

Manual

Assessed type

Other

#0 - c4-pre-sort

2024-04-04T23:18:04Z

0xRobocop marked the issue as duplicate of #227

#1 - c4-judge

2024-04-09T09:18:55Z

3docSec changed the severity to QA (Quality Assurance)

#2 - c4-judge

2024-04-10T07:28:57Z

3docSec marked the issue as grade-b
