Platform: Code4rena
Start Date: 20/09/2022
Pot Size: $30,000 USDC
Total HM: 12
Participants: 198
Period: 3 days
Judge: 0xean
Total Solo HM: 2
Id: 164
League: ETH
Rank: 195/198
Findings: 1
Award: $0.74
๐ Selected for report: 0
๐ Solo Findings: 0
๐ Selected for report: Czar102
Also found by: 0xDecorativePineapple, 0xNazgul, 0xSky, 0xbepresent, 0xmatt, Atarpara, Bahurum, DimitarDimitrov, Franfran, GimelSec, JGcarv, JLevick, Junnon, OptimismSec, Rolezn, Ruhum, Soosh, Tomo, Trust, __141345__, adriro, ajtra, bin2chen, cRat1st0s, cccz, cryptonue, d3e4, innertia, jag, joestakey, neumo, obront, pashov, pauliax, pcarranzav, peanuts, rajatbeladiya, rbserver, reassor, seyni, wagmi, zzykxx, zzzitron
0.7375 USDC - $0.74
If mintableSupply is set in VariableSupplyERC20Token.contructor(), the token wonโt allow minting over mintableSupply. However, mintableSupply will reduce after every minting. Once mintableSupply is reduced to zero, the token can be minted unlimitedly.
mintableSupply is set to 100mintableSupply = 100 - 50 = 0mintableSupply = 50 - 50 =0if(mintableSupply > 0) is not ture, the token can be minted unlimitedlyfunction mint(address account, uint256 amount) public onlyAdmin { require(account != address(0), "INVALID_ADDRESS"); // If we're using maxSupply, we need to make sure we respect it // mintableSupply = 0 means mint at will if(mintableSupply > 0) { require(amount <= mintableSupply, "INVALID_AMOUNT"); // We need to reduce the amount only if we're using the limit, if not just leave it be mintableSupply -= amount; } _mint(account, amount); }
Manual Review
Donโt treat mintableSupply = 0 as mint at wil. Maybe use a flag like mintableUnlimited for unlimited supply.
#0 - 0xean
2022-09-24T00:36:41Z
dupe of #3