Handle
0xRajeev
Vulnerability details
Impact
The dev/deployer is allowed to mint an unlimited quantity of NFTs to arbitrary recipients without paying. This reduces the token balance and affects token availability for other sale participants, and is therefore significant enough to warrant its own event.
Proof of Concept
https://github.com/code-423n4/2021-04-redacted/blob/2ec4ce8e98374be2048126485ad8ddacc2d36d2f/Beebots.sol#L341-L346
Tools Used
Manual Analysis
Recommended Mitigation Steps
Add an event for devMint and emit it at the end of the devMint() function.
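A sketch of the recommended change, added here as an illustration and not taken from Beebots.sol. The contract name, storage layout, supply cap, `devMint` signature and the `DevMint` event fields are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical minimal sale contract for illustration; not the audited code.
contract DevMintSketch {
    address public immutable deployer;
    uint256 public constant TOKEN_LIMIT = 30; // constructed supply cap
    uint256 public numTokens;                 // tokens minted so far
    mapping(uint256 => address) public ownerOf;

    // Per-token event of the kind an NFT contract typically already emits.
    event Transfer(address indexed from, address indexed to, uint256 indexed tokenId);

    // Added event: one record per privileged, unpaid batch mint, so that
    // off-chain monitors can tell dev mints apart from paid sale mints.
    event DevMint(
        address indexed recipient,
        uint256 quantity,
        uint256 firstTokenId,
        uint256 remainingSupply
    );

    modifier onlyDeployer() {
        require(msg.sender == deployer, "only deployer");
        _;
    }

    constructor() {
        deployer = msg.sender;
    }

    // Assumed signature; the deployer mints `quantity` tokens to `recipient` for free.
    function devMint(uint256 quantity, address recipient) external onlyDeployer {
        require(recipient != address(0), "zero recipient");
        // Bound assumed for this sketch: cannot mint past the remaining supply.
        require(quantity > 0 && quantity <= TOKEN_LIMIT - numTokens, "exceeds supply");

        uint256 firstTokenId = numTokens;
        for (uint256 i = 0; i < quantity; i++) {
            ownerOf[firstTokenId + i] = recipient;
            emit Transfer(address(0), recipient, firstTokenId + i);
        }
        numTokens = firstTokenId + quantity;

        // Emitted last, after all state changes, as the mitigation recommends.
        emit DevMint(recipient, quantity, firstTokenId, TOKEN_LIMIT - numTokens);
    }
}
```

Indexing `recipient` lets sale participants and monitoring tools filter logs by beneficiary, and `remainingSupply` records the effect of each dev mint on token availability.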