In VariableSupplyERC20Token.sol theres a mint function that can be operate only by admin. The function should operate in 2 ways. IF maxSupply_was declared inconstructor, the admincan only mint as long as the token less thanmaxSupply_/mintableSupply. OR IF maxSupply_wasnβt declared inconstructor, admincan mint at will. BUT because of wrong logic on the contractadminthat should only mint untilmaxSupply_/mintableSupplyreached can mint at will. here the contract logic onmint function
function mint(address account, uint256 amount) public onlyAdmin {
require(account != address(0), "INVALID_ADDRESS");
// If we're using maxSupply, we need to make sure we respect it
// mintableSupply = 0 means mint at will
if(mintableSupply > 0) {
require(amount <= mintableSupply, "INVALID_AMOUNT");
// We need to reduce the amount only if we're using the limit, if not just leave it be
mintableSupply -= amount; //HERE IS THE PROBLEM
}
_mint(account, amount);
}
since mintableSupply always decreased time by time, thereβs no prevention to mintableSupply to drop to 0 which mean, this logic will false and admin still can mint at will.
if(mintableSupply > 0) {
require(amount <= mintableSupply, "INVALID_AMOUNT");
// We need to reduce the amount only if we're using the limit, if not just leave it be
mintableSupply -= amount; //HERE IS THE PROBLEM
}
example:
VScode
instead of decrease the mintableSupply, i recommended to add 1 more variable, let say it called supplyMinted and this variable will increase for every token minted. Add the requirement of minting, the function will revert if supplyMinted greater than mintableSupply (add this requirement after the increment of supplyMinted.
The text was updated successfully, but these errors were encountered:
All reactions