Platform: Code4rena
Start Date: 20/09/2022
Pot Size: $30,000 USDC
Total HM: 12
Participants: 198
Period: 3 days
Judge: 0xean
Total Solo HM: 2
Id: 164
League: ETH
Rank: 194/198
Findings: 1
Award: $0.74
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Czar102
Also found by: 0xDecorativePineapple, 0xNazgul, 0xSky, 0xbepresent, 0xmatt, Atarpara, Bahurum, DimitarDimitrov, Franfran, GimelSec, JGcarv, JLevick, Junnon, OptimismSec, Rolezn, Ruhum, Soosh, Tomo, Trust, __141345__, adriro, ajtra, bin2chen, cRat1st0s, cccz, cryptonue, d3e4, innertia, jag, joestakey, neumo, obront, pashov, pauliax, pcarranzav, peanuts, rajatbeladiya, rbserver, reassor, seyni, wagmi, zzykxx, zzzitron
0.7375 USDC - $0.74
| File Name | SHA-1 Hash |
|---|---|
| 2022-09-vtl/contracts/token/VariableSupplyERC20Token.sol | c85443294bfb78bd2ce7695b66a9a726a864ed80 |
In function mint there is the if-statement if(mintableSupply > 0), that based on the comment, is needed to make sure that maxSupply is respected. But, in some point, by subtracting the amount from mintableSupply the mintableSupply will be equal to zero. As a consequence, again based on the comment, when mintableSupply is equal to zero then this means mint at will. So, token that has a limited supply can be surpassed.
function mint(address account, uint256 amount) public onlyAdmin { require(account != address(0), "INVALID_ADDRESS"); // If we're using maxSupply, we need to make sure we respect it // mintableSupply = 0 means mint at will if(mintableSupply > 0) { require(amount <= mintableSupply, "INVALID_AMOUNT"); // We need to reduce the amount only if we're using the limit, if not just leave it be mintableSupply -= amount; } _mint(account, amount); }
Check with maxSupply to verify that limited supply can not be surpassed.
VS Code
#0 - 0xean
2022-09-23T23:56:14Z
dupe of #3