search

code-423n4 / 2024-06-vultisig-findings

2 stars 0 forks source link

Burning functionality is missing in Vultisig contract #230

Closed howlbot-integration[bot] closed 4 months ago

howlbot-integration[bot] commented 4 months ago

Lines of code

https://github.com/code-423n4/2024-06-vultisig/blob/cb72b1e9053c02a58d874ff376359a83dc3f0742/hardhat-vultisig/contracts/Vultisig.sol#L11

Vulnerability details

Impact

Vultisig token is not burnable as expected.

Proof of Concept

In Official project documentation, it says that Vultisig token should be burnable:

100,000,000 starting supply 80% in launch liquidity 20% allocated to an airdrop ERC20 with ERC777 extensions: approveAndCall() and _beforeTransferHook() Ownable, but not mintable (to set launch params) Burnable

However in Vultisig contract, no such function is provisioned, this means Vultisig token cannot be burned even if it is expected. Since no statement from sponsor team says that the official doc is outdated / invalid, I believe this should be a valid medium.

Tools Used

Manual Review

Recommended Mitigation Steps

Add Burning functionality in Vultisig contract.

Assessed type

ERC20

c4-judge commented 4 months ago

alex-ppg marked the issue as duplicate of #224

c4-judge commented 4 months ago

alex-ppg marked the issue as satisfactory