Can lead to unlimited minting of tokens
If any of the provided roles / actors turns malicious, it can mint or redeem an unlimited number of tokens, which can lead to a loss for the protocol.
This should either be admin-only, or be checked against a threshold for large amounts, or maybe put behind a timelock, and it should be verified by the admin.
e.g.
CitadelToken.sol L#40
```solidity
    function mint(address dest, uint256 amount)
        external
        onlyRole(CITADEL_MINTER_ROLE)
        gacPausable
    {
        _mint(dest, amount);
    }
}
```
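One way to bound what a compromised minter can do, shown as an added example rather than code from the Citadel repository: the minter role is kept, but each mint counts against a per-window cap that only the admin can change. The contract name, `WINDOW`, `mintCapPerWindow` and `setMintCap` are hypothetical, and the OpenZeppelin `ERC20` and `AccessControl` contracts are assumed to be available.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.12;

import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import "@openzeppelin/contracts/access/AccessControl.sol";

// Hypothetical token (not CitadelToken): minting is capped per time window.
contract RateLimitedMintToken is ERC20, AccessControl {
    bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");

    uint256 public constant WINDOW = 1 days; // assumed window length
    uint256 public mintCapPerWindow;         // changed by the admin only
    uint256 public windowStart;
    uint256 public mintedInWindow;

    event MintCapUpdated(uint256 oldCap, uint256 newCap);

    constructor(address admin, uint256 initialCap) ERC20("Example", "EXM") {
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
        mintCapPerWindow = initialCap;
        windowStart = block.timestamp;
    }

    // A minter cannot raise its own limit: only the admin role can.
    function setMintCap(uint256 newCap) external onlyRole(DEFAULT_ADMIN_ROLE) {
        emit MintCapUpdated(mintCapPerWindow, newCap);
        mintCapPerWindow = newCap;
    }

    function mint(address dest, uint256 amount) external onlyRole(MINTER_ROLE) {
        // Start a fresh window once the previous one has elapsed.
        if (block.timestamp >= windowStart + WINDOW) {
            windowStart = block.timestamp;
            mintedInWindow = 0;
        }
        // Checked arithmetic (0.8+) reverts on overflow before the comparison.
        require(mintedInWindow + amount <= mintCapPerWindow, "mint cap exceeded");
        mintedInWindow += amount;
        _mint(dest, amount);
    }
}
```

The cap limits the damage from a single compromised minter to one window's allowance; putting `setMintCap` behind a timelock-controlled admin would additionally delay any increase of the cap.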