Platform: Code4rena
Start Date: 03/05/2022
Pot Size: $75,000 USDC
Total HM: 6
Participants: 55
Period: 7 days
Judge: Albert Chon
Total Solo HM: 2
Id: 116
League: COSMOS
Rank: 23/55
Findings: 1
Award: $453.22
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1337, 0x1f8b, 0xDjango, 0xkatana, AmitN, CertoraInc, Dravee, Funen, GermanKuber, GimelSec, Hawkeye, JC, MaratCerby, WatchPug, Waze, broccolirob, cccz, ch13fd357r0y3r, cryptphi, danb, defsec, delfin454000, dipp, dirk_y, ellahi, gzeon, hake, hubble, ilan, jah, jayjonah8, kebabsec, kirk-baird, m9800, orion, oyc_109, robee, shenwilly, simon135, sorrynotsorry
453.2192 USDC - $453.22
https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/CosmosToken.sol#L5
In CosmosToken.sol, the amount of tokens minted is set to the max value of uint256. This is a number so large it may render the token worthless from a value standpoint. Adding functionality to mint() additional tokens when needed would be better than minting a max value.
https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/CosmosToken.sol#L5
Manual
Consider setting the number of tokens to mint instead of using the max uint256 value. Looking at the number of tokens minted by other popular tokens can help with this. Also, care should be taken so as not to overflow when minting, since the version of Solidity here is 0.6.6, which does not automatically guard against this.
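An added illustration of the recommendation above (not code from the audited repository or from the warden's report): a fixed initial supply with a hard cap and an owner-gated mint whose addition is checked explicitly, because Solidity 0.6.x arithmetic wraps silently. The contract name `CappedToken`, the `cap` parameter and the single-owner model are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.6;

// Added example: hypothetical contract, not the project's CosmosToken.sol.
// Shows the supply accounting and mint path only.
contract CappedToken {
    address public owner;        // assumed single minting authority
    uint256 public cap;          // hard upper bound on totalSupply
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    event Transfer(address indexed from, address indexed to, uint256 value);

    constructor(uint256 initialSupply, uint256 cap_) public {
        require(cap_ > 0, "cap is zero");
        require(initialSupply <= cap_, "initial supply exceeds cap");
        owner = msg.sender;
        cap = cap_;
        _mint(msg.sender, initialSupply);
    }

    // Mint more tokens later instead of pre-minting the maximum value.
    function mint(address to, uint256 amount) external {
        require(msg.sender == owner, "not owner");
        _mint(to, amount);
    }

    function _mint(address to, uint256 amount) internal {
        require(to != address(0), "mint to zero address");

        // In 0.6.x this addition wraps modulo 2**256 without reverting,
        // so a wrapped result has to be detected by hand.
        uint256 newSupply = totalSupply + amount;
        require(newSupply >= totalSupply, "supply overflow");
        require(newSupply <= cap, "cap exceeded");

        totalSupply = newSupply;
        // Safe without a second check: every balance is <= totalSupply <= cap.
        balanceOf[to] += amount;
        emit Transfer(address(0), to, amount);
    }
}
```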
#0 - maptuhec
2022-05-11T13:41:40Z
Since the token is not used anywhere, and the issue is not critical from a vulnerability standpoint, we won't make any changes.
#1 - albertchon
2022-05-18T22:29:39Z
Yes, this is a design choice.
#2 - JeeberC4
2022-05-19T18:33:56Z
Creating warden QA Report as judge downgraded issue. Preserving original title: CosmosToken.sol mints a max uint256 value