There is a possibility of the rJOE tokens in RocketJoeToken.sol to be minted by original owner without staking any JOE, before the ownership is transferred to RocketJoeStaking
Proof of Concept
Contract : RocketJoeToken.sol
Line : 37
function mint(address _to, uint256 _amount) external onlyOwner {
_mint(_to, _amount);
}
Tools Used
Manual review
Recommended Mitigation Steps
The transferOwnership(address) function inherited from Ownable.sol is used to change to a new owner i.e., RocketJoeStaking.
In the RocketJoeToken.sol contract, define and override this function with an additional check that the totalSupply <= 0
Handle
hubble
Vulnerability details
Impact
There is a possibility of the rJOE tokens in RocketJoeToken.sol to be minted by original owner without staking any JOE, before the ownership is transferred to RocketJoeStaking
Proof of Concept
Contract : RocketJoeToken.sol Line : 37 function mint(address _to, uint256 _amount) external onlyOwner { _mint(_to, _amount); }
Tools Used
Manual review
Recommended Mitigation Steps
The transferOwnership(address) function inherited from Ownable.sol is used to change to a new owner i.e., RocketJoeStaking. In the RocketJoeToken.sol contract, define and override this function with an additional check that the totalSupply <= 0