code423n4 | Code4rena | CODE423N4:2022-09-VTVL-FINDINGS-ISSUES-455
Sep 23, 2022 - 12:00 a.m.

VariableSupplyERC20Token bypass max supply

2022-09-23 00:00:00
Code4rena
github.com
variablesupplyerc20token
mintablesupply
max supply limit

Lines of code

Vulnerability details

Impact

Minting in VariableSupplyERC20Token decrements mintableSupply, and a mintableSupply of 0 means unlimited minting. Once the remaining allowance has been minted and the counter hits 0, the max supply limit is bypassed. As far as I understand, the total supply should never reach the cap set in the constructor (parameter maxSupply_).

Proof of Concept

  function mint(address account, uint256 amount) public onlyAdmin {
      require(account != address(0), "INVALID_ADDRESS");
      // If we're using maxSupply, we need to make sure we respect it
      // mintableSupply = 0 means mint at will
      if(mintableSupply > 0) {
          require(amount <= mintableSupply, "INVALID_AMOUNT");
          // We need to reduce the amount only if we're using the limit, if not just leave it be
          mintableSupply -= amount;
      }
      _mint(account, amount);
  }

Steps:

  1. Mint mintableSupply.
  2. mintableSupply is reduced to 0.
  3. Mint any amount.

Recommended Mitigation Steps

Recommendation: rename mintableSupply to maxSupply (0 meaning unlimited). Do not decrement it here, and before performing the mint, check that maxSupply == 0 || totalSupply() + amount <= maxSupply.
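
A sketch of the recommended fix, added here as an illustration and not taken from the VTVL code base. It assumes OpenZeppelin's ERC20 as the base contract; the contract name, the admin variable standing in for the project's onlyAdmin access control, and the revert strings other than INVALID_ADDRESS are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/token/ERC20/ERC20.sol";

// Added illustration of the mitigation; not the project's contract.
contract CappedVariableSupplyToken is ERC20 {
    // Fixed cap; 0 means "no cap". It is never decremented, so a capped
    // token can never drift into the unlimited state.
    uint256 public immutable maxSupply;
    // Hypothetical stand-in for the project's onlyAdmin access control.
    address public immutable admin;

    constructor(
        string memory name_,
        string memory symbol_,
        uint256 initialSupply_,
        uint256 maxSupply_
    ) ERC20(name_, symbol_) {
        // The initial mint must already respect the cap.
        require(maxSupply_ == 0 || initialSupply_ <= maxSupply_, "INVALID_SUPPLY");
        admin = msg.sender;
        maxSupply = maxSupply_;
        if (initialSupply_ > 0) {
            _mint(msg.sender, initialSupply_);
        }
    }

    modifier onlyAdmin() {
        require(msg.sender == admin, "ADMIN_ACCESS_REQUIRED");
        _;
    }

    function mint(address account, uint256 amount) public onlyAdmin {
        require(account != address(0), "INVALID_ADDRESS");
        // Compare against the live totalSupply() instead of a shrinking counter.
        // Checked arithmetic (0.8+) reverts if totalSupply() + amount overflows.
        require(
            maxSupply == 0 || totalSupply() + amount <= maxSupply,
            "MAX_SUPPLY_EXCEEDED"
        );
        _mint(account, amount);
    }
}
```

With this check, minting exactly up to the cap leaves maxSupply unchanged, so the next mint of any non-zero amount reverts. If the token is also burnable, burned amounts become mintable again because the check uses totalSupply().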

