code-423n4 / 2023-07-amphora-findings


AMPH token allows owner to mint an arbitrary amount of tokens #344

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-07-amphora/blob/daae020331404647c661ab534d20093c875483e1/core/solidity/contracts/governance/AmphoraProtocolToken.sol#L20

Vulnerability details

Impact

The AmphoraProtocolToken contract, as it is currently implemented, allows the owner to mint an arbitrary number of AMPH tokens. The project documentation, however, stipulates a maximum supply of 10 billion AMPH tokens. This discrepancy could lead to inflation of the token supply beyond what users have been led to expect, potentially undermining trust in the project and devaluing the token.

Proof of Concept

https://github.com/code-423n4/2023-07-amphora/blob/daae020331404647c661ab534d20093c875483e1/core/solidity/contracts/governance/AmphoraProtocolToken.sol#L20

This mint function, which is accessible only by the contract owner, allows an arbitrary number of tokens to be minted without any checks on the total supply. This contradicts the project documentation, which asserts a maximum supply of 10 billion AMPH tokens.

Tools Used

Manual Review

Recommended Mitigation Steps

Implement a maxSupply variable that is checked within the mint function to ensure the total supply of AMPH tokens never exceeds the stated maximum of 10 billion.

Assessed type

Other
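The cap check the report recommends, shown as an added example that is not the Amphora code base's own contract and not the code linked at AmphoraProtocolToken.sol#L20. The contract, its name, the `mintUnbounded` / `mint` pair, the 10 billion figure taken from the finding, and the custom errors are all assumptions made for illustration; the point is the shape of the check, which compares the post-mint total supply against the cap rather than the minted amount alone.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical owner-mintable token written to contrast an unbounded mint
/// with a supply-capped mint. This is an illustration, not AmphoraProtocolToken.
contract CappedMintToken {
    string public constant name = "Example Capped Token";
    string public constant symbol = "ECT";
    uint8 public constant decimals = 18;

    /// Hard cap from the (assumed) documentation: 10 billion whole tokens.
    /// A constant cannot be raised later by the owner, which is the property
    /// the documented maximum is meant to give holders.
    uint256 public constant MAX_SUPPLY = 10_000_000_000 * 1e18;

    uint256 public totalSupply;
    address public owner;
    mapping(address => uint256) public balanceOf;

    event Transfer(address indexed from, address indexed to, uint256 value);

    error NotOwner();
    error MaxSupplyExceeded(uint256 requested, uint256 remaining);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    /// The pattern the finding describes: owner-gated, but nothing ties the
    /// minted amount to the documented cap. Kept only for contrast; a real
    /// fix deletes this function rather than leaving it beside the capped one.
    function mintUnbounded(address to, uint256 amount) external onlyOwner {
        _mint(to, amount);
    }

    /// Capped mint: reverts when the supply after minting would exceed
    /// MAX_SUPPLY. The check is on totalSupply + amount, not on amount alone,
    /// so many small mints cannot each pass and collectively overshoot the cap.
    /// Solidity 0.8 checked arithmetic makes the addition itself revert on
    /// overflow, so no separate overflow guard is needed.
    function mint(address to, uint256 amount) external onlyOwner {
        uint256 newSupply = totalSupply + amount;
        if (newSupply > MAX_SUPPLY) {
            // Report how much room is actually left so callers can size mints.
            uint256 remaining = totalSupply >= MAX_SUPPLY ? 0 : MAX_SUPPLY - totalSupply;
            revert MaxSupplyExceeded(amount, remaining);
        }
        _mint(to, amount);
    }

    function _mint(address to, uint256 amount) internal {
        totalSupply += amount;
        balanceOf[to] += amount;
        emit Transfer(address(0), to, amount);
    }
}
```

Two details matter in practice. First, the cap is a `constant`, not a storage variable with an owner-only setter: a mutable `maxSupply` the owner can raise gives holders no more assurance than no cap at all. Second, if the token also burns, a burn-then-remint cycle is still bounded by the same `totalSupply + amount` check, which is usually what a "maximum supply" claim means; if the documentation instead promises a maximum ever minted, track a separate cumulative-minted counter and check that instead.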

c4-pre-sort commented 1 year ago

minhquanym marked the issue as duplicate of #314

c4-judge commented 1 year ago

dmvt marked the issue as unsatisfactory: Invalid