Code4rena (code423n4): CODE423N4:2022-05-VETOKEN-FINDINGS-ISSUES-273
Jul 28, 2022 - 12:00 a.m.

Upgraded Q -> M from 9 [1659036743700]


Judge has assessed an item in Issue #9 as Medium risk. The relevant finding follows:
Centralized risk
The operator address can mint an arbitrary amount of tokens. In addition, the operator can also burn tokens from third-party accounts.

If the private key of the owner or minter address is compromised, the attacker will be able to mint an unlimited amount of tokens, or burn from arbitrary addresses.

The operator can mint and burn arbitrary tokens. I believe this is unnecessary and poses a serious centralization risk.

Recommendation:

Consider reducing centralization risks with timelock contracts.
Affected source code:

VE3Token.sol#L26-L36
VeToken.sol#L23-L33
DepositToken.sol#L26-L36
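
The timelock recommendation above, sketched as an added example that is not code from the audited project or from the finding's author. The `IOperatorToken` interface, the `OperatorTimelock` contract, the 2-day `DELAY` and all function names are assumptions made for illustration; the real signatures in the affected files are not shown on this page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
// Assumed interface: operator-only mint/burn as the finding describes (real signatures not shown here).
interface IOperatorToken {
    function mint(address to, uint256 amount) external;
    function burn(address from, uint256 amount) external;
}

// Hypothetical timelock intended to be set as the token's operator.
contract OperatorTimelock {
    uint256 public constant DELAY = 2 days; // constructed value
    IOperatorToken public immutable token;
    address public immutable admin;
    mapping(bytes32 => uint256) public readyAt; // operation id => earliest execution time
    event Queued(bytes32 indexed id, bool isMint, address account, uint256 amount, uint256 eta);
    event Cancelled(bytes32 indexed id);
    event Executed(bytes32 indexed id);

    modifier onlyAdmin() {
        require(msg.sender == admin, "not admin");
        _;
    }
    constructor(IOperatorToken token_, address admin_) { token = token_; admin = admin_; }

    function opId(bool isMint, address account, uint256 amount, bytes32 salt) public pure returns (bytes32) {
        return keccak256(abi.encode(isMint, account, amount, salt));
    }
    // Announce a mint or burn; the event gives holders DELAY to react before it can run.
    function queue(bool isMint, address account, uint256 amount, bytes32 salt) external onlyAdmin returns (bytes32 id) {
        id = opId(isMint, account, amount, salt);
        require(readyAt[id] == 0, "already queued");
        readyAt[id] = block.timestamp + DELAY;
        emit Queued(id, isMint, account, amount, readyAt[id]);
    }
    function cancel(bytes32 id) external onlyAdmin {
        require(readyAt[id] != 0, "not queued");
        delete readyAt[id];
        emit Cancelled(id);
    }
    // Runs only after the delay has elapsed; the entry is cleared before the external call.
    function execute(bool isMint, address account, uint256 amount, bytes32 salt) external onlyAdmin {
        bytes32 id = opId(isMint, account, amount, salt);
        uint256 eta = readyAt[id];
        require(eta != 0 && block.timestamp >= eta, "not ready");
        delete readyAt[id];
        if (isMint) token.mint(account, amount); else token.burn(account, amount);
        emit Executed(id);
    }
}
```

With a contract like this as the operator, a compromised admin key can still queue a mint or burn, but it cannot take effect until `DELAY` has passed, and the `Queued` event makes the pending operation visible to monitoring.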

