Inexistent Validation of Distributor Status #359
RER-01M: Inexistent Validation of Distributor Status
| Type | Severity | Location |
|---|---|---|
| Input Sanitization | | RedeemableERC20.sol:L273-L288 |
Description:
The `endDistribution` function accepts a `distributor_` argument meant to represent the actual distributor of the redeemable ERC20, from which funds should be burned / transferred. However, no validation of the actual status of `distributor_` exists, as distributors are not known during construction / initialization.
Example:
```solidity
function endDistribution(address distributor_)
    external
    onlyPhase(PHASE_DISTRIBUTING)
    onlyAdmin
{
    schedulePhase(PHASE_FROZEN, block.number);
    address forwardTo_ = distributionEndForwardingAddress;
    uint256 distributorBalance_ = balanceOf(distributor_);
    if (distributorBalance_ > 0) {
        if (forwardTo_ == address(0)) {
            _burn(distributor_, distributorBalance_);
        } else {
            _transfer(distributor_, forwardTo_, distributorBalance_);
        }
    }
}
```

Recommendation:
We strongly advise this trait of the system to be revised so that the distributor is set during initialization, as otherwise there is no guarantee that the distributor passed to the function is the actual one. As an example, a "burnable" redeemable ERC20 may be defined and, once the `endDistribution` function is called, a user address may be supplied instead, thereby griefing that user of their funds as well as permitting the owner to retain the redeemable ERC20 in the initial distributor without necessarily setting up a forwarding address. Alternatively, a warning should be introduced stating that there is no guarantee that the distributor matches the actual one and that it is up to the derivative contracts that interface with it to restrict the input address of the function.
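
A sketch of the first recommendation, added here as an illustration and not taken from the project's code: the distributor is fixed at construction and `endDistribution` takes no address, so the admin cannot direct the burn or forward at an arbitrary holder. The contract name, the minimal ledger standing in for the ERC20 base, the `frozen` flag standing in for the phase logic, and the `^0.8.0` pragma are all assumptions, as is the distributor being known at deployment.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the project's contract. Only endDistribution,
// distributor and distributionEndForwardingAddress mirror names in the
// finding; everything else is hypothetical scaffolding.
contract FixedDistributorToken {
    address public immutable admin;
    address public immutable distributor;
    address public immutable distributionEndForwardingAddress;
    bool public frozen; // stands in for PHASE_FROZEN
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    event Transfer(address indexed from, address indexed to, uint256 value);

    constructor(address distributor_, address forwardTo_, uint256 supply_) {
        require(distributor_ != address(0), "ZERO_DISTRIBUTOR");
        admin = msg.sender;
        distributor = distributor_;
        distributionEndForwardingAddress = forwardTo_;
        totalSupply = supply_;
        balanceOf[distributor_] = supply_;
        emit Transfer(address(0), distributor_, supply_);
    }

    // No address parameter: only the balance of the distributor recorded
    // at construction can ever be burned or forwarded.
    function endDistribution() external {
        require(msg.sender == admin, "ONLY_ADMIN");
        require(!frozen, "BAD_PHASE");
        frozen = true;

        uint256 distributorBalance_ = balanceOf[distributor];
        if (distributorBalance_ == 0) return;

        address forwardTo_ = distributionEndForwardingAddress;
        balanceOf[distributor] = 0;
        if (forwardTo_ == address(0)) {
            totalSupply -= distributorBalance_; // burn the remainder
        } else {
            balanceOf[forwardTo_] += distributorBalance_; // forward it
        }
        emit Transfer(distributor, forwardTo_, distributorBalance_);
    }
}
```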
