code-423n4 / 2022-06-putty-findings


manipulation of given supply through mint functionality | There is an absence of checks for the mint functionality which can lead to undesirable effects. | #370

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-06-putty/blob/main/contracts/test/mocks/MockERC721.sol#L12-L14
https://github.com/code-423n4/2022-06-putty/blob/main/contracts/test/mocks/MockERC20.sol#L13-L15

Vulnerability details

Impact

A malicious user can mint as many tokens as they like to whomever they like. Furthermore, a malicious user can send tokens to themselves. There are no checks in place to prevent these types of actions. Overall, these actions will allow a given user to manipulate the supply.

Proof of Concept

Reference
https://medium.com/blockchannel/the-use-of-revert-assert-and-require-in-solidity-and-the-new-revert-opcode-in-the-evm-1a3a7990e06e
https://codedamn.com/news/solidity/what-is-require-in-solidity
https://www.tutorialspoint.com/solidity/solidity_function_modifiers.htm

Tools Used

VIM

Recommended Mitigation Steps

Mitigation: there need to be proper checks on the mint function (modifier or require statements).
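The following is an added illustration of the mitigation the finding recommends; it is editor-written example code, not the Putty repository's mock contracts. The finding does not show the mock's source, so the mint signature `mint(address to, uint256 amount)`, the `maxSupply` cap and the owner/minter roles are assumptions chosen for the example. The first contract reproduces the unrestricted pattern the finding describes; the second guards the same function with a modifier (who may mint) and require statements (what may be minted):

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Minimal ERC20-style balance and supply bookkeeping, constructed for this
// example so it compiles stand-alone. Transfers and approvals are omitted
// because only the mint path is under discussion.
contract UnrestrictedMintToken {
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    // Pattern described in the finding: any caller can credit any address
    // with any amount, so total supply is attacker-controlled.
    function mint(address to, uint256 amount) external {
        totalSupply += amount;
        balanceOf[to] += amount;
    }
}

contract RestrictedMintToken {
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    address public immutable owner;
    mapping(address => bool) public isMinter;
    // Supply cap: an assumed policy for the example, not something the
    // finding specifies. Remove it if unbounded supply is intended.
    uint256 public immutable maxSupply;

    event Mint(address indexed minter, address indexed to, uint256 amount);
    event MinterSet(address indexed account, bool allowed);

    constructor(uint256 _maxSupply) {
        owner = msg.sender;
        maxSupply = _maxSupply;
    }

    // Modifier: restricts administrative actions to the deployer.
    modifier onlyOwner() {
        require(msg.sender == owner, "NOT_OWNER");
        _;
    }

    // Modifier: restricts minting to explicitly allow-listed accounts.
    modifier onlyMinter() {
        require(isMinter[msg.sender], "NOT_MINTER");
        _;
    }

    function setMinter(address account, bool allowed) external onlyOwner {
        isMinter[account] = allowed;
        emit MinterSet(account, allowed);
    }

    // The modifier answers "who may mint"; the require statements answer
    // "what may be minted". Solidity 0.8 checked arithmetic makes the
    // totalSupply addition revert on overflow as well.
    function mint(address to, uint256 amount) external onlyMinter {
        require(to != address(0), "ZERO_ADDRESS");
        require(amount > 0, "ZERO_AMOUNT");
        require(totalSupply + amount <= maxSupply, "CAP_EXCEEDED");
        totalSupply += amount;
        balanceOf[to] += amount;
        emit Mint(msg.sender, to, amount);
    }
}
```

One caveat for applying this: a mint with no access control is a common and usually deliberate feature of test mocks, which exist so a test can hand out balances freely. The guards above matter for contracts that are actually deployed, which is consistent with the triage below.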

GalloDaSballo commented 2 years ago

Out of scope test files