Missing function to remove a delegated signer
Description
The EthenaMinting contract supports minting and redeeming USDe. The mint
and redeem
functions require a signature from the order, signed by the benefactor or delegated signers. Tokens are taken from the benefactor and sent to the beneficiary after a specific operation.
The InfiniEthenaStrategyVault contract includes a function to set desired delegated signers, allowing multiple signers to be delegated. However, there is no function to remove delegated signers.
Impact
If delegated signers become malicious, they could sign orders for which they are the beneficiary, potentially draining funds approved for EthenaMinting within the InfiniEthenaStrategyVault.
Recommendations
Consider adding a function to remove a delegated signer.
Remediation
This issue has been acknowledged by Infini Labs, and a fix was implemented in commit e12e0666↗.