PossumLabsCrypto
commented
1 year ago Thank you but this is not a vulnerability.
burnPortalEnergyTocken() should even be callable by people without an active stake history, i.e. without initialized account. They can just not set themselves as recipient of the internal balance because that would need an active account.
Without an active account it is virtually impossible to call mintPortalEnergyToken.
Github username: @cpp-phoenix Twitter username: aarambh_audits Submission hash (on-chain): 0x769d0a962f4767022b9e0764f8bf8239ed5619a85b22f2fa0d4a553caadd50e8 Severity: low
Description: Description\ The methods
mintPortalEnergyToken()&burnPortalEnergyToken()is missing the existingAccount() check. Although the txn will revert later on in the execution. It is good practice to add the modifier as the methods rely on user to have an account to mint or burn portal energy