Description

The EthenaMinting contract supports minting and redeeming USDe. The mint and redeem functions require a signature from the order, signed by the benefactor or delegated signers. Tokens are taken from the benefactor and sent to the beneficiary after a specific operation.

The InfiniEthenaStrategyVault contract includes a function to set desired delegated signers, allowing multiple signers to be delegated. However, there is no function to remove delegated signers.

Impact

If delegated signers become malicious, they could sign orders for which they are the beneficiary, potentially draining funds approved for EthenaMinting within the InfiniEthenaStrategyVault.

Recommendations

Consider adding a function to remove a delegated signer.

Remediation

This issue has been acknowledged by Infini Labs, and a fix was implemented in commit e12e0666↗.