Users can silently burn tokens with transfers to 0x0

Question

Users can silently burn tokens with transfers to 0x0

ggrieco-tob opened this issue 5 years ago · comments

Severity: Low
Difficulty: Low

Description

The amount of minted tokens is tracked in the BToken contract by the totalSupply function. Burning tokens is only possible using an internal operation (called by BPools). However, the transfer and transferFrom methods do not restrict the address destination of address(0x0), allowing tokens to effectively be burned without decreasing the totalSupply variable.

Exploit Scenario

Alice create a pool and uses some off-chain code to manage it. A calculation results in a transfer to the null or empty address of 0x0. As a result, Alice loses her tokens.

Recommendation

Add a require condition in transfer and transferFrom that explicitly forbids burning tokens transfer them to 0x0.

Long term, use Echidna and Manticore to check that the BToken does not allow to easily burn tokens transfer them to 0x0.

Mike McDonald · Answer 1 · Mon Feb 03 2020 00:32:11 GMT+0800 (China Standard Time)

Won't fix - no restrictions to 0 addresses will be added to the core protocol