Handle
WatchPug
Vulnerability details
https://github.com/livepeer/arbitrum-lpt-bridge/blob/ebf68d11879c2798c5ec0735411b08d0bea4f287/contracts/L2/token/LivepeerToken.sol#L23-L30
Using the `mint()` function of `L2LivepeerToken`, an address with `MINTER_ROLE` can burn an arbitrary amount of tokens.

If the private key of the deployer or an address with the `MINTER_ROLE` is compromised, the attacker will be able to mint an unlimited amount of LPT tokens.

We believe this is unnecessary and poses a serious centralization risk.
Recommendation
Consider removing the `MINTER_ROLE`, making the `L2LivepeerToken` only mintable by the owner, and making the L2Minter contract the owner and therefore the only minter.
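
A sketch of the recommended layout, added here as an example and not taken from the project's `LivepeerToken.sol` or its L2Minter: a token whose only mint path is `onlyOwner`, and ownership handed to a minter contract so that no externally held key can mint. The contract names, the per-period issuance rule, its constants, and the use of OpenZeppelin Contracts 4.x are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

// Assumption: OpenZeppelin Contracts 4.x, where Ownable makes the deployer the initial owner.
import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import "@openzeppelin/contracts/access/Ownable.sol";

// Hypothetical token: no AccessControl, no MINTER_ROLE, a single owner-only mint path.
contract OwnerMintedToken is ERC20, Ownable {
    constructor() ERC20("Example Token", "EXT") {}
    function mint(address to, uint256 amount) external onlyOwner {
        _mint(to, amount);
    }
}

// Hypothetical minter: issuance is bounded by contract logic, not by whoever holds a key.
contract ExampleMinter {
    uint256 public constant AMOUNT_PER_PERIOD = 1000e18; // constructed value
    uint256 public constant PERIOD = 1 days;             // constructed value

    OwnerMintedToken public immutable token;
    address public immutable recipient;
    uint256 public lastMint;

    constructor(OwnerMintedToken _token, address _recipient) {
        token = _token;
        recipient = _recipient;
    }

    function mintForPeriod() external {
        require(block.timestamp >= lastMint + PERIOD, "too early");
        lastMint = block.timestamp;
        token.mint(recipient, AMOUNT_PER_PERIOD);
    }
}

// Deployment check: after the handover the deployer must no longer be able to mint.
contract HandoverCheck {
    function deployerCanStillMint() external returns (bool) {
        OwnerMintedToken token = new OwnerMintedToken(); // this contract is the deployer and owner
        ExampleMinter minter = new ExampleMinter(token, address(this));
        token.transferOwnership(address(minter));
        try token.mint(address(this), 1) {
            return true;  // the handover did not remove the deployer's mint access
        } catch {
            return false; // onlyOwner reverts for the former owner
        }
    }
}
```

With this layout a compromised deployer key has no mint path once `transferOwnership` has been called; what remains to review is the minter contract's own issuance logic.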