VTVL contest - Soosh's results

Building no-code token management tools to empower web3 founders and investors, starting with token vesting.

General Information

Platform: Code4rena

Start Date: 20/09/2022

Pot Size: $30,000 USDC

Total HM: 12

Participants: 198

Period: 3 days

Judge: 0xean

Total Solo HM: 2

Id: 164

League: ETH

VTVL

Findings Distribution

Researcher Performance

Rank: 193/198

Findings: 1

Award: $0.74

🌟 Selected for report: 0

🚀 Solo Findings: 0

Lines of code

https://github.com/code-423n4/2022-09-vtvl/blob/f68b7f3e61dad0d873b5b5a1e8126b839afeab5f/contracts/token/VariableSupplyERC20Token.sol#L40

Vulnerability details

Maximum supply is not enforced

In VariableSupplyERC20Token, the maximum supply is meant to cap minting over the specified amount.

function mint(address account, uint256 amount) public onlyAdmin {
    require(account != address(0), "INVALID_ADDRESS");
    // If we're using maxSupply, we need to make sure we respect it
    // mintableSupply = 0 means mint at will
    if(mintableSupply > 0) {
        require(amount <= mintableSupply, "INVALID_AMOUNT");
        // We need to reduce the amount only if we're using the limit, if not just leave it be
        mintableSupply -= amount;
    }
    _mint(account, amount);
}

Projects that set maxSupply (stored as mintableSupply) can in fact mint more than the maxSupply: once the full mintableSupply has been minted, mintableSupply is 0, so the if check evaluates to false and any further amount is still passed to _mint() without a cap check.

Recommendations

Rather than relying on this if check, projects that do not want a maximum supply should set mintableSupply to type(uint).max, the largest possible uint value in Solidity, so that the cap check can run unconditionally. Alternatively, a new bool unlimitedSupply variable could be added to record whether the project wants an unlimited supply.
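As an added illustration (not the VTVL project's code and not part of the original finding), the following minimal, self-contained token contract applies the first recommendation: the no-cap case is represented by the type(uint256).max sentinel, so the cap check runs on every mint and a mintableSupply of 0 unambiguously means nothing is left. The contract name, the balance bookkeeping and the constructor parameter are assumptions made for this example; only mint, mintableSupply and onlyAdmin come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.14;

// Added example contract (hypothetical; not the VTVL project's code).
contract HardenedSupplyToken {
    address public immutable admin;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    // Remaining mintable supply. type(uint256).max is the "no cap" sentinel:
    // the cumulative minted amount can never exceed 2**256 - 1 anyway, so the
    // cap is practically unlimited while the check below still runs every time.
    uint256 public mintableSupply;

    modifier onlyAdmin() {
        require(msg.sender == admin, "NOT_ADMIN");
        _;
    }

    // maxSupply_ = 0 keeps the "opt out of a cap" meaning of the original
    // constructor, but it is converted to the sentinel instead of stored as 0.
    constructor(uint256 maxSupply_) {
        admin = msg.sender;
        mintableSupply = maxSupply_ == 0 ? type(uint256).max : maxSupply_;
    }

    function mint(address account, uint256 amount) public onlyAdmin {
        require(account != address(0), "INVALID_ADDRESS");
        // Unconditional check: once mintableSupply reaches 0, every further
        // mint reverts, which the original `if (mintableSupply > 0)` guard
        // silently skipped.
        require(amount <= mintableSupply, "INVALID_AMOUNT");
        // Safe from underflow because of the require above (0.8.x also reverts).
        mintableSupply -= amount;
        _mint(account, amount);
    }

    // Minimal stand-in for the ERC20 _mint hook so the example compiles alone.
    function _mint(address account, uint256 amount) internal {
        totalSupply += amount;
        balanceOf[account] += amount;
    }
}
```

A quick check of the fix: deploying with maxSupply_ = 100, minting 100 and then attempting mint(account, 1) reverts with INVALID_AMOUNT, whereas the original guard would have let the second mint through. Deploying with maxSupply_ = 0 sets mintableSupply to the sentinel and minting proceeds as "mint at will".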

Affected Code:

https://github.com/code-423n4/2022-09-vtvl/blob/f68b7f3e61dad0d873b5b5a1e8126b839afeab5f/contracts/token/VariableSupplyERC20Token.sol#L40

#0 - 0xean

2022-09-24T00:30:51Z

dupe of #3
