Platform: Code4rena
Start Date: 09/11/2021
Pot Size: $75,000 USDC
Total HM: 57
Participants: 27
Period: 7 days
Judge: alcueca
Total Solo HM: 49
Id: 52
League: ETH
Rank: 21/27
Findings: 1
Award: $161.91
🌟 Selected for report: 1
🚀 Solo Findings: 0
🌟 Selected for report: ksk2345
161.9075 USDC - $161.91
ksk2345
There is a possibility of unintentionally reducing the maxSupply of Vader, via the adjustMaxSupply function
Ref: line 212 in contracts/tokens/Vader.sol

```solidity
/**
 * Requirements:
 *
 * - the caller must be the DAO
 * - the new maximum supply must be greater than the current one
 */
function adjustMaxSupply(uint256 _maxSupply) external onlyDAO {
    require(
        _maxSupply >= totalSupply(),
        "Vader::adjustMaxSupply: Max supply cannot subcede current supply"
    );
    emit MaxSupplyChanged(maxSupply, _maxSupply);
    maxSupply = _maxSupply;
}
```

As per the comments in the Requirements, we should only be increasing the value above the current value of maxSupply, but in the implementation it's possible to set a new maxSupply to a value below the current maxSupply, since we are comparing with totalSupply().
Manual review
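If the Requirement statement is correct, then in function adjustMaxSupply, compare the value with maxSupply:

```solidity
function adjustMaxSupply(uint256 _maxSupply) external onlyDAO {
    // Compare against the current cap, not the circulating supply,
    // so the cap can only stay the same or grow.
    require(
        _maxSupply >= maxSupply,
        "Vader::adjustMaxSupply: Max supply cannot subcede current supply"
    );
    emit MaxSupplyChanged(maxSupply, _maxSupply);
    maxSupply = _maxSupply;
}
```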
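A regression test for the check discussed in this finding, as an added example that is not part of the submission or of the Vader code base. `SupplyCapModel`, `useFixedCheck`, the pragma and the numeric values are constructed for illustration, and access control, events and ERC-20 logic are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

// Stripped-down model of the supply cap (assumption: not the real Vader token).
contract SupplyCapModel {
    uint256 public maxSupply;
    uint256 public totalSupply;
    bool public immutable useFixedCheck;

    constructor(uint256 _maxSupply, uint256 _totalSupply, bool _useFixedCheck) {
        maxSupply = _maxSupply;
        totalSupply = _totalSupply;
        useFixedCheck = _useFixedCheck;
    }

    function adjustMaxSupply(uint256 _maxSupply) external {
        // Reported check uses totalSupply as the lower bound;
        // the suggested check uses the current maxSupply.
        uint256 lowerBound = useFixedCheck ? maxSupply : totalSupply;
        require(_maxSupply >= lowerBound, "Max supply cannot subcede current supply");
        maxSupply = _maxSupply;
    }
}

contract SupplyCapRegressionTest {
    // Constructed values chosen so that MINTED < LOWER < CAP.
    uint256 constant CAP = 2_500_000 ether;
    uint256 constant MINTED = 1_000_000 ether;
    uint256 constant LOWER = 1_500_000 ether;

    // Returns true when a call with LOWER succeeds and shrinks the cap.
    function capCanBeLowered(bool fixedCheck) public returns (bool) {
        SupplyCapModel token = new SupplyCapModel(CAP, MINTED, fixedCheck);
        try token.adjustMaxSupply(LOWER) {
            return token.maxSupply() < CAP;
        } catch {
            return false;
        }
    }

    function testRegression() external {
        assert(capCanBeLowered(false)); // totalSupply comparison: cap drops to LOWER
        assert(!capCanBeLowered(true)); // maxSupply comparison: the call reverts
    }
}
```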
#0 - alcueca
2021-12-11T06:04:12Z
No grounds for dispute