Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
code423n4Code4renaCODE423N4:2022-09-VTVL-FINDINGS-ISSUES-256
HistorySep 23, 2022 - 12:00 a.m.

admin still can mint token even if limit is reached

2022-09-2300:00:00
Code4rena
github.com
3
vulnerability
variablesupplyerc20token
admin
mint function
logic
contract
prevention
supplyminted
mintablesupply
JSON

Lines of code

Vulnerability details

Impact

In VariableSupplyERC20Token.sol theres a mint function that can be operate only by admin. The function should operate in 2 ways. IF maxSupply_was declared inconstructor, the admincan only mint as long as the token less thanmaxSupply_/mintableSupply. OR IF maxSupply_wasn’t declared inconstructor, admincan mint at will. BUT because of wrong logic on the contractadminthat should only mint untilmaxSupply_/mintableSupplyreached can mint at will. here the contract logic onmint function

    function mint(address account, uint256 amount) public onlyAdmin {
        require(account != address(0), "INVALID_ADDRESS");
        // If we're using maxSupply, we need to make sure we respect it
        // mintableSupply = 0 means mint at will
        if(mintableSupply > 0) {
            require(amount <= mintableSupply, "INVALID_AMOUNT");
            // We need to reduce the amount only if we're using the limit, if not just leave it be
            mintableSupply -= amount; //HERE IS THE PROBLEM
        }
        _mint(account, amount);
    }

since mintableSupply always decreased time by time, there’s no prevention to mintableSupply to drop to 0 which mean, this logic will false and admin still can mint at will.

        if(mintableSupply > 0) {
            require(amount <= mintableSupply, "INVALID_AMOUNT");
            // We need to reduce the amount only if we're using the limit, if not just leave it be
            mintableSupply -= amount; //HERE IS THE PROBLEM
        }

#Proof of Concept

example:

  1. Alice deploy the contract with maxSupply_ of 100, and say that her token will only 100 supply
  2. when supply of the token reached 100, Alice mint another 100000 token that make the 100 maxSupply will worth nothing

Tools Used

VScode

Recommended Mitigation Steps

instead of decrease the mintableSupply, i recommended to add 1 more variable, let say it called supplyMinted and this variable will increase for every token minted. Add the requirement of minting, the function will revert if supplyMinted greater than mintableSupply (add this requirement after the increment of supplyMinted.

The text was updated successfully, but these errors were encountered:

All reactions

JSON