search

sherlock-audit / 2023-01-uxd-judging

3 stars 1 forks source link

0xhacksmithh - MaxCap(maximum amount of token that can be minted) can set below number of token minted by now #418

Closed github-actions[bot] closed 1 year ago

github-actions[bot] commented 1 year ago

0xhacksmithh

medium

MaxCap(maximum amount of token that can be minted) can set below number of token minted by now

Summary

can Current mining amount will exceed max capped value

Vulnerability Detail

Here below function setLocalMintCap() only called by owner, setting localMintCap to a new value. It checks whether new value is 0 or not, But there is absence of check whether newMintCap is greater than localMintAmount or not, If owner set wrong value i.e(newMintCap < localMintAmount) then current minting amount exceed the capped value Which cause logic break

function setLocalMintCap(uint256 newMintCap) external onlyOwner { // @audit-issue
        require(newMintCap > 0, "Zero Amount");
        localMintCap = newMintCap;

        emit LocalMintCapChanged(msg.sender, localMintCap);
    }

Impact

May cause some logic break, technical current minting amount exceed max capped minting value

Code Snippet

https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/core/UXDToken.sol#L95-L101

Tool used

Manual Review

Recommendation

There should be functionality (or require) that checks newMintCap should greater than localMintAmount