Anyone can mint Premium tokens during ICO

CORIONplatform / solidity

GNU General Public License v3.0

12 stars 9 forks source link

Anyone can mint Premium tokens during ICO #83

Closed gundas closed 7 years ago

gundas commented 7 years ago

I think that during the ICO period anyone can call Premium contract mint method specifying the desired owner address and the amount of tokens to mint, because the check in mint function is not correct:

require( msg.sender == icoAddr || isICO );

should be && instead of ||

Additionally the private _mint method does not have checks on the caller.

Does this qualify for the bounty as a Critical bug (since it allows unauthorized creation of Premium tokens) ?

iFA88 commented 7 years ago

Thank you very much! I will reply you later!

iFA88 commented 7 years ago

Hi, we have fixed this bug. Please contact with CEO on attila@corion.io . Thank you!