Handsome Sandstone Cottonmouth
Medium
The _onceBlacklisted function in Stablecoin.sol allows the transfer of all tokens from a blacklisted user to the caller. This will cause a complete loss of funds for users as a malicious BLACKLISTER_ROLE holder can exploit this function to drain user balances.
In Stablecoin.sol at line XX, the _onceBlacklisted function transfers the entire balance of a blacklisted user to the caller without additional checks or safeguards.
-
An account must possess the BLACKLISTER_ROLE.
-
The target user must have a non-zero token balance.
-
The attacker must have the capability to invoke addBlackList on the Blacklist contract.
-
The contract must have sufficient token balance to cover the transfer.
-
The attacker, holding the BLACKLISTER_ROLE, calls addBlackList(userAddress).
-
The contract executes _onceBlacklisted(userAddress), transferring all tokens from userAddress to the attacker.
-
The user suffers a complete loss of their token holdings.
Users suffer a loss of all their tokens as the attacker gains their entire balance.
No response
Restrict Role Assignment: Ensure that the BLACKLISTER_ROLE is granted only to highly trusted accounts, preferably using multi-signature wallets.
Implement Additional Safeguards: Modify _onceBlacklisted to transfer tokens to a designated treasury or burn them instead of transferring to the caller.
Audit Role Management: Regularly audit role assignments and implement time-locks for critical role changes to prevent unauthorized access.