Tall Burgundy Nightingale
High
Inadequate validation of maxLimit and minLimit in UpdateXYZ() lets a malicious or careless maintainer set supply bounds that the token's current totalSupply already violates. Such limits block either minting or burning of that token for every user and break the protocol's supply invariants until the limits are corrected.
In StablecoinHandler.sol the UpdateXYZ function only checks that maxLimit > minLimit; it never compares the new limits against the token's current totalSupply, so a pair of limits that the live supply falls outside of is accepted.
An account holding MAINTAINER_ROLE calls UpdateXYZ() to set new limits.
Either maxLimit is set below the token's current totalSupply, or minLimit is set above it. Both cannot hold at once, because the existing require(maxLimit > minLimit) check rejects any pair with maxLimit < totalSupply < minLimit.
The token is currently valid (validity = true), so mint and burn would otherwise be available.
A maintainer calls UpdateXYZ() with new limits; only maxLimit > minLimit is enforced, so the current totalSupply is never consulted.
If maxLimit < currentSupply, every mint fails the max-supply check, so no new tokens can be issued until supply is burned below maxLimit or the limits are raised.
If minLimit > currentSupply, every burn fails the min-supply check, so users cannot reduce their positions until the limits are lowered.
The two cases cannot occur together, since maxLimit < currentSupply < minLimit contradicts the existing maxLimit > minLimit check; the token is therefore never frozen in both directions at once, but one direction is blocked for all users until a maintainer corrects the limits.
The protocol and its users lose the ability to mint or burn the affected token until a maintainer submits corrected limits. Positions are locked for that period, and any protocol flow that depends on minting or burning the token is stuck. The lock is not permanent, but it is imposed by a single privileged call with no on-chain guard against it.
Add bounds checks against the token's current supply, plus absolute bounds. MAX_POSSIBLE_SUPPLY and MIN_REASONABLE_SUPPLY are protocol constants that must be declared on the handler. MIN_REASONABLE_SUPPLY has to be 0 if freshly registered tokens (totalSupply == 0) are configured through this function, otherwise the minLimit <= currentSupply check makes them impossible to register. The supply checks can also be skipped when validity is false, since a disabled token is not mintable anyway.

    function UpdateXYZ(
        address token,
        bool validity,
        uint256 maxLimit,
        uint256 minLimit
    ) external virtual onlyRole(MAINTAINER_ROLE) {
        require(maxLimit > minLimit, "Invalid limits");

        // The new limits must bracket the live supply, otherwise one
        // direction (mint or burn) becomes impossible for every user.
        uint256 currentSupply = IERC20(token).totalSupply();
        require(maxLimit >= currentSupply, "Max limit below current supply");
        require(minLimit <= currentSupply, "Min limit above current supply");

        // Reasonable absolute bounds (constants declared on the handler).
        require(maxLimit <= MAX_POSSIBLE_SUPPLY, "Max limit too high");
        require(minLimit >= MIN_REASONABLE_SUPPLY, "Min limit too low");

        StablecoinHandlerStorage storage $ = _getStablecoinHandlerStorage();
        $._eXYZs[token].validity = validity;
        $._eXYZs[token].maxSupply = maxLimit;
        $._eXYZs[token].minSupply = minLimit;

        // currentSupply is added to the event here; the XYZUpdated
        // declaration must be extended to match.
        emit XYZUpdated(
            token,
            validity,
            maxLimit,
            minLimit,
            currentSupply,
            msg.sender
        );
    }
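The following Foundry test is an added example, not code from the audited project. It uses a hypothetical minimal contract (BoundedSupplyModel) that keeps only what the finding depends on: a supply counter, mint/burn gated by maxSupply/minSupply, the unchecked setter from the finding and the mitigated setter. The function names, revert strings and the test contract are assumptions for illustration; the mint/burn gates mirror the supply checks the finding describes, not the handler's actual conversion code.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical model of the supply-bounded mint/burn path from the finding.
// Not the project's StablecoinHandler.
contract BoundedSupplyModel {
    address public immutable maintainer;
    uint256 public totalSupply;
    uint256 public maxSupply;
    uint256 public minSupply;

    constructor(uint256 maxLimit, uint256 minLimit) {
        maintainer = msg.sender;
        maxSupply = maxLimit;
        minSupply = minLimit;
    }

    // Vulnerable setter: only max > min is enforced, as in the finding.
    function updateLimitsUnchecked(uint256 maxLimit, uint256 minLimit) external {
        require(msg.sender == maintainer, "not maintainer");
        require(maxLimit > minLimit, "Invalid limits");
        maxSupply = maxLimit;
        minSupply = minLimit;
    }

    // Mitigated setter: the new bounds must bracket the live supply.
    function updateLimitsChecked(uint256 maxLimit, uint256 minLimit) external {
        require(msg.sender == maintainer, "not maintainer");
        require(maxLimit > minLimit, "Invalid limits");
        require(maxLimit >= totalSupply, "Max limit below current supply");
        require(minLimit <= totalSupply, "Min limit above current supply");
        maxSupply = maxLimit;
        minSupply = minLimit;
    }

    // Supply gates assumed by the finding: a mint may not push supply above
    // maxSupply, a burn may not pull it below minSupply.
    function mint(uint256 amount) external {
        require(totalSupply + amount <= maxSupply, "above max supply");
        totalSupply += amount;
    }

    function burn(uint256 amount) external {
        require(amount <= totalSupply && totalSupply - amount >= minSupply, "below min supply");
        totalSupply -= amount;
    }
}

contract SupplyBoundsTest is Test {
    BoundedSupplyModel token;

    function setUp() public {
        token = new BoundedSupplyModel(10_000 ether, 0);
        token.mint(1_000 ether); // live supply: 1000 tokens
    }

    // maxLimit < supply passes the max > min check but blocks every mint.
    function testMaxBelowSupplyBlocksMint() public {
        token.updateLimitsUnchecked(900 ether, 100 ether);
        vm.expectRevert(bytes("above max supply"));
        token.mint(1);
        token.burn(100 ether); // burning still works in this case
        assertEq(token.totalSupply(), 900 ether);
    }

    // minLimit > supply passes the max > min check but blocks every burn.
    function testMinAboveSupplyBlocksBurn() public {
        token.updateLimitsUnchecked(5_000 ether, 1_100 ether);
        vm.expectRevert(bytes("below min supply"));
        token.burn(1);
        token.mint(100 ether); // minting still works in this case
        assertEq(token.totalSupply(), 1_100 ether);
    }

    // max < supply < min is impossible: the existing check already rejects it.
    function testBothConditionsRejectedByExistingCheck() public {
        vm.expectRevert(bytes("Invalid limits"));
        token.updateLimitsUnchecked(900 ether, 1_100 ether);
    }

    // The mitigated setter refuses bounds that do not bracket the live supply.
    function testCheckedSetterRejectsTrappingLimits() public {
        vm.expectRevert(bytes("Max limit below current supply"));
        token.updateLimitsChecked(900 ether, 100 ether);
        vm.expectRevert(bytes("Min limit above current supply"));
        token.updateLimitsChecked(5_000 ether, 1_100 ether);
        token.updateLimitsChecked(5_000 ether, 100 ether); // valid pair
        assertEq(token.maxSupply(), 5_000 ether);
    }
}
```

Run with `forge test` in a Foundry project that has forge-std installed. The two "blocks" tests show that each trapping limit stops exactly one direction while the other keeps working, and the third test shows why the finding's "both conditions" case cannot arise as long as require(maxLimit > minLimit) is kept.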